Plugin ID | 107 |
Plugin name | Washington University wu-ftpd prior 2.6.3 MAIL_ADMIN overflow |
Plugin filename | Washington University wu-ftpd prior 2.6.3 MAIL_ADMIN overflow.plugin |
Plugin filesize | 3759 bytes |
Plugin family | FTP |
Plugin created name | Marc Ruef |
Plugin created email | marc dot ruef at computec dot ch |
Plugin created web | http://www.computec.ch |
Plugin created company | computec.ch |
Plugin created date | 2004/08/26 |
Plugin updated name | Marc Ruef |
Plugin updated email | marc dot ruef at computec dot ch |
Plugin updated web | http://www.computec.ch |
Plugin updated company | computec.ch |
Plugin updated date | 2004/11/13 |
Plugin version | 1.2 |
Plugin changelog | The check is converted from the Nessus plugin. See the Nessus plugin ID for more details. Increased the speed of the pattern matching by deleting useless tests. Corrected the plugin structure and added the accuracy values in 1.2 |
Plugin protocol | tcp |
Plugin port | 21 |
Plugin procedure detection | open|sleep|close|pattern_exists *wu-2.6.[0-2]* OR *wu-2.5.* |
Plugin detection accuracy | 80 |
Plugin comment | This plugin was written with the ATK Attack Editor. |
Bug published name | Adam Zabrocki |
Bug published email | pi3ki31ny at wp dot pl |
Bug published date | 2003/09/22 |
Bug advisory | http://www.securityfocus.com/archive/1/338436 |
Bug affected | Washington University wu-ftpd 2.5.x to 2.6.2 |
Bug not affected | Washington University wu-ftpd newer than 2.6.2 |
Bug vulnerability class | Buffer Overflow |
Bug description | The remote Wu-FTPd server seems to be vulnerable to a remote flaw. This version fails to properly check bounds on a pathname when Wu-FTPd is compiled with MAIL_ADMIN enabled, resulting in a buffer overflow. With a specially crafted request, an attacker can possibly execute arbitrary code as the user Wu-FTPd runs as (usually root), resulting in a loss of integrity and/or availability. It should be noted that this vulnerability is not present within the default installation of Wu-FTPd. The server must be configured using the 'MAIL_ADMIN' option to notify an administrator when a file has been uploaded. |
Bug solution | Upgrade to Wu-FTPd 2.6.3 when available, disable MAIL_ADMIN, or apply the patches available at http://www.wu-ftpd.org |
Bug fixing time | approx. 30 minutes |
Bug exploit availability | No |
Bug exploit url | http://www.securityfocus.com/bid/8668/exploit/ |
Bug remote | Yes |
Bug local | Yes |
Bug severity | Medium |
Bug popularity | 2 |
Bug simplicity | 4 |
Bug impact | 9 |
Bug risk | 5 |
Bug Nessus risk | High |
Bug check tools | Nessus is able to do nearly the same check. See Nessus plugin ID for more details. |
Source SecurityFocus BID | 8668 |
Source OSVDB ID | 2594 |
Source Nessus ID | 14371 |
Source Literature | Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427 |
Source Misc. | http://www.slackware.org/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.365971 |