Washington University wu-ftpd prior 2.6.3 MAIL_ADMIN overflow 1.2
 
Plugin ID107
Plugin nameWashington University wu-ftpd prior 2.6.3 MAIL_ADMIN overflow
Plugin filenameWashington University wu-ftpd prior 2.6.3 MAIL_ADMIN overflow.plugin
Plugin filesize3759 bytes
Plugin familyFTP
Plugin created nameMarc Ruef
Plugin created emailmarc dot ruef at computec dot ch
Plugin created webhttp://www.computec.ch
Plugin created companycomputec.ch
Plugin created date2004/08/26
Plugin updated nameMarc Ruef
Plugin updated emailmarc dot ruef at computec dot ch
Plugin updated webhttp://www.computec.ch
Plugin updated companycomputec.ch
Plugin updated date2004/11/13
Plugin version1.2
Plugin changelogThe check is converted from the Nessus plugin. See the Nessus plugin ID for more details. Increased the speed of the pattern matching by deleting useless tests. Corrected the plugin structure and added the accuracy values in 1.2
Plugin protocoltcp
Plugin port21
Plugin procedure detectionopen|sleep|close|pattern_exists *wu-2.6.[0-2]* OR *wu-2.5.*
Plugin detection accuracy80
Plugin commentThis plugin was written with the ATK Attack Editor.
Bug published nameAdam Zabrocki
Bug published emailpi3ki31ny at wp dot pl
Bug published date2003/09/22
Bug advisoryhttp://www.securityfocus.com/archive/1/338436
Bug affectedWashington University wu-ftpd 2.5.x to 2.6.2
Bug not affectedWashington University wu-ftpd newer than 2.6.2
Bug vulnerability classBuffer Overflow
Bug descriptionThe remote Wu-FTPd server seems to be vulnerable to a remote flaw. This version fails to properly check bounds on a pathname when Wu-Ftpd is compiled with MAIL_ADMIN enabled resulting in a buffer overflow. With a specially crafted request, an attacker can possibly execute arbitrary code as the user Wu-Ftpd runs as (usually root) resulting in a loss of integrity, and/or availability. It should be noted that this vulnerability is not present within the default installation of Wu-Ftpd. The server must be configured using the 'MAIL_ADMIN' option to notify an administrator when a file has been uploaded.
Bug solutionUpgrade to Wu-FTPd 2.6.3 when available or disable MAIL_ADMIN or apply the patches available at http://www.wu-ftpd.org
Bug fixing timeapprox. 30 minutes
Bug exploit availabilityNo
Bug exploit urlhttp://www.securityfocus.com/bid/8668/exploit/
Bug remoteYes
Bug localYes
Bug severityMedium
Bug popularity2
Bug simplicity4
Bug impact9
Bug risk5
Bug Nessus riskHigh
Bug check toolsNessus is able to do nearly the same check. See Nessus plugin ID for more details.
Source SecurityFocus BID8668
Source OSVDB ID2594
Source Nessus ID14371
Source LiteratureHacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.http://www.slackware.org/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.365971

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.