WU-FTPD < 2.4.3 Directory Structure Processing Overflow

Critical Nessus Network Monitor Plugin ID 1810


The remote host is vulnerable to a buffer overflow.


The remote WU-FTPD server is vulnerable to a buffer overflow bug when it processes directories structure names. An attacker may use this flaw by creating a huge directory structure with specially malformed names, and may be able to execute arbitrary commands on this host with the privileges of the FTP daemon (typically, root)


Upgrade to WU-FTPD 2.4.3 or higher.

Plugin Details

Severity: Critical

ID: 1810

File Name: 1810.prm

Family: FTP Servers

Published: 2004/08/20

Modified: 2016/01/19

Dependencies: 1850

Nessus ID: 10318

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 9.8

Temporal Score: 9.1


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-1999-0368, CVE-1999-0878, CVE-1999-0879, CVE-1999-0950

BID: 113, 599, 747, 2242

OSVDB: 1055, 1130, 14790, 248, 9163