Plugin ID | 106 |
Plugin name | Washington University wu-ftpd prior 2.6.2 S/KEY authentication overflow |
Plugin filename | Washington University wu-ftpd prior 2.6.2 S-KEY authentication overflow.plugin |
Plugin filesize | 3789 bytes |
Plugin family | FTP |
Plugin created name | Marc Ruef |
Plugin created email | marc dot ruef at computec dot ch |
Plugin created web | http://www.computec.ch |
Plugin created company | computec.ch |
Plugin created date | 2004/08/26 |
Plugin updated name | Marc Ruef |
Plugin updated email | marc dot ruef at computec dot ch |
Plugin updated web | http://www.computec.ch |
Plugin updated company | computec.ch |
Plugin updated date | 2004/11/13 |
Plugin version | 1.2 |
Plugin changelog | The check is converted from the Nessus plugin. See the Nessus plugin ID for more details. Increased the speed of the pattern matching by deleting useless tests. Corrected the plugin structure and added the accuracy values in 1.2 |
Plugin protocol | tcp |
Plugin port | 21 |
Plugin procedure detection | open|sleep|close|pattern_exists *wu-2.6.[0-2]* |
Plugin detection accuracy | 80 |
Plugin comment | This plugin was written with the ATK Attack Editor. |
Bug published name | Michael Hendrickx and Michal Zalewski (see SecurityFocus.com credits) |
Bug published date | 2004/06/17 |
Bug advisory | http://www.securityfocus.com/archive/1/63980/2000-06-04/2000-06-10/0 |
Bug affected | Washington University wu-ftpd 2.6.0 to 2.6.2 |
Bug not affected | Washington University wu-ftpd newer than 2.6.2 |
Bug vulnerability class | Buffer Overflow |
Bug description | The remote Wu-FTPd server seems to be vulnerable to a remote overflow. This version contains a remote overflow if s/key support is enabled. The skey_challenge function fails to perform bounds checking on the name variable resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity and/or availability. It appears that this vulnerability may be exploited prior to authentication. It is reported that S/Key support is not enabled by default, though some operating system distributions which ship Wu-Ftpd may have it enabled. |
Bug solution | Upgrade to Wu-FTPd 2.6.3 when available, disable S/Key support, or apply the patches available at http://www.wu-ftpd.org |
Bug fixing time | approx. 30 minutes |
Bug exploit availability | No |
Bug exploit url | http://www.securityfocus.com/bid/8893/exploit/ |
Bug remote | Yes |
Bug local | Yes |
Bug severity | Medium |
Bug popularity | 3 |
Bug simplicity | 4 |
Bug impact | 9 |
Bug risk | 5 |
Bug Nessus risk | High |
Bug check tools | Nessus is able to do nearly the same check. See Nessus plugin ID for more details. |
Source CVE | CAN-2004-0185 |
Source SecurityFocus BID | 8893 |
Source OSVDB ID | 2715 |
Source Nessus ID | 14372 |
Source RedHat Security Advisory ID | RHSA-2004:096 |
Source Literature | Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427 |
Source Misc. | http://www.securityfocus.com/advisories/6431 |