2133 : WU-FTPD fb_realpath() Function Off-by-one Error
Printer | http://osvdb.org/2133 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
7	1252	almost 10 years ago	over 3 years ago	4 times	90%

Timeline

Disclosure Date
2003-07-31

Description

A local off-by-one overflow exists in WU-FTPD. The fb_realpath() function fails to validate user input resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Local Access Required, Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public

Solution

Upgrade to version 2.6.2-12 (Available on some Linux distributions) or higher, as it has been reported to fix this vulnerability. In addition, WU-FTPD Development Group has released a patch for some older versions of the primary distribution.

Products

WU-FTPD Development Group	wu-ftpd	2.5.0
		2.6.0
		2.6.1
		2.6.2

References

ISS X-Force ID: 12785
CVE ID: 2003-0466 (see also: NVD)
SCIP VulDB ID: 218
Related OSVDB ID: 6602
Exploit Database: 74 78
Milw0rm: 74 78
CERT VU: 743092
Bugtraq ID: 8315
Secunia Advisory ID: 9406 9521 9535
Vendor Specific Solution URL: ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/realpath.patch
Generic Informational URL: http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=105967301604815&w=2
Generic Exploit URL: http://marc.theaimsgroup.com/?l=bugtraq&m=106001702232325&w=2
http://www.frsirt.com/exploits/08.11.0x82-wu262-advanced.c.php
Vendor Specific Advisory URL: http://www.debian.org/security/2003/dsa-357
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:080
http://www.suse.de/de/security/2003_032_wuftpd.html
http://www.turbolinux.com/security/TLSA-2003-46.txt
http://your.hp.com/m/S.asp?HB14091692265X3612511X395967
https://rhn.redhat.com/errata/RHSA-2003-245.html
Vendor URL: http://www.wuftpd.org/
CIAC Advisory: n-132

Tools & Filters

	11811 12413 13555 13605 13801 15194
Snort	2389 2390 2391

Credit

Wojciech Purczynski - cliphisec.pl - isec.pl
Janusz Niewiadomski - funkyshisec.pl - Isec

CVSSv2 Score

CVSSv2 Base Score = 10.0
Source: nvd.nist.gov | Generated: 2003-12-31 | Disagree?

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.