Washington University wu-ftpd prior 2.6.2 S/KEY authentication overflow 1.2
 
Plugin ID: 106
Plugin name: Washington University wu-ftpd prior 2.6.2 S/KEY authentication overflow
Plugin filename: Washington University wu-ftpd prior 2.6.2 S-KEY authentication overflow.plugin
Plugin filesize: 3789 bytes
Plugin family: FTP
Plugin created name: Marc Ruef
Plugin created email: marc dot ruef at computec dot ch
Plugin created web: http://www.computec.ch
Plugin created company: computec.ch
Plugin created date: 2004/08/26
Plugin updated name: Marc Ruef
Plugin updated email: marc dot ruef at computec dot ch
Plugin updated web: http://www.computec.ch
Plugin updated company: computec.ch
Plugin updated date: 2004/11/13
Plugin version: 1.2
Plugin changelog: The check is converted from the Nessus plugin. See the Nessus plugin ID for more details. Increased the speed of the pattern matching by deleting useless tests. Corrected the plugin structure and added the accuracy values in 1.2
Plugin protocol: tcp
Plugin port: 21
Plugin procedure detection: open|sleep|close|pattern_exists *wu-2.6.[0-2]*
Plugin detection accuracy: 80
Plugin comment: This plugin was written with the ATK Attack Editor.
Bug published name: Michael Hendrickx and Michal Zalewski (see SecurityFocus.com credits)
Bug published date: 2004/06/17
Bug advisory: http://www.securityfocus.com/archive/1/63980/2000-06-04/2000-06-10/0
Bug affected: Washington University wu-ftpd 2.6.0 to 2.6.2
Bug not affected: Washington University wu-ftpd newer than 2.6.2
Bug vulnerability class: Buffer Overflow
Bug description: The remote Wu-FTPd server seems to be vulnerable to a remote overflow. This version contains a remote overflow if s/key support is enabled. The skey_challenge function fails to perform bounds checking on the name variable resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity and/or availability. It appears that this vulnerability may be exploited prior to authentication. It is reported that S/Key support is not enabled by default, though some operating system distributions which ship Wu-Ftpd may have it enabled.
Bug solution: Upgrade to Wu-FTPd 2.6.3 when available, disable SKEY, or apply the patches available at http://www.wu-ftpd.org
Bug fixing time: approx. 30 minutes
Bug exploit availability: No
Bug exploit url: http://www.securityfocus.com/bid/8893/exploit/
Bug remote: Yes
Bug local: Yes
Bug severity: Medium
Bug popularity: 3
Bug simplicity: 4
Bug impact: 9
Bug risk: 5
Bug Nessus risk: High
Bug check tools: Nessus is able to do nearly the same check. See Nessus plugin ID for more details.
Source CVE: CAN-2004-0185
Source SecurityFocus BID: 8893
Source OSVDB ID: 2715
Source Nessus ID: 14372
Source RedHat Security Advisory ID: RHSA-2004:096
Source Literature: Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.: http://www.securityfocus.com/advisories/6431

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.