OSVDB ID: 1744

Title: WU-FTPD Debug Mode Client Hostname Remote Format String

Dates

Disclosure: Jan 23, 2001
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

WU-FTPD contains a flaw that may allow a remote attacker to execute arbitrary code. The issue occurs when the service runs in 'debug' mode and the attacker controls the ident information returned to the server. When the server requests ident data for RFC 931 based authentication, the attacker can return custom data containing format string specifiers, which is then passed to the syslog facility. This can be abused to overwrite portions of system memory and execute arbitrary code.
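The defensive pattern for the condition described above, as an added example that is not WU-FTPD source code: the ident reply is parsed as data and logged through a constant format string. The function names and the sample reply are assumptions made for illustration; the reply layout follows the ident protocol's `USERID` response.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Pull the user-id field out of an ident reply shaped like
 * "<port>, <port> : USERID : <opsys> : <user-id>".
 * Returns 0 on success, -1 for ERROR replies or malformed input. */
int ident_userid(const char *reply, char *out, size_t outlen)
{
    const char *p = strchr(reply, ':');
    size_t n = 0;
    if (!p || outlen == 0) return -1;
    for (p++; *p == ' '; p++) ;
    if (strncmp(p, "USERID", 6) != 0) return -1;
    if (!(p = strchr(p, ':'))) return -1;      /* before <opsys>   */
    if (!(p = strchr(p + 1, ':'))) return -1;  /* before <user-id> */
    for (p++; *p == ' '; p++) ;
    for (; *p && *p != '\r' && *p != '\n' && n + 1 < outlen; p++)
        out[n++] = isprint((unsigned char)*p) ? *p : '?';
    out[n] = '\0';
    return 0;
}

/* Constant format string: the remote value is only an argument, so any
 * "%x" or "%n" inside it is copied as text, never interpreted. */
int format_debug_line(const char *userid, char *line, size_t len)
{
    return snprintf(line, len, "ident reply user=\"%s\"", userid);
}

void log_ident(const char *reply)
{
    char user[64], line[128];
    if (ident_userid(reply, user, sizeof user) != 0)
        snprintf(user, sizeof user, "(no userid)");
    format_debug_line(user, line, sizeof line);
    /* Unsafe form of this call would be syslog(LOG_DEBUG, line). */
    syslog(LOG_DEBUG, "%s", line);
}

int main(void)
{
    /* Constructed sample reply, not captured traffic. */
    log_ident("6193, 21 : USERID : UNIX : %x%x%n");
    return 0;
}
```

Format specifiers appearing in a logged ident user field are also a useful detection signal, since legitimate user names do not contain them.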

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Rumored / Private
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.6.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Vendor: WU-FTPD Development Group
Product: wu-ftpd
Version: 2.6.1

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/36218