OSVDB ID: 8718

Title: WU-FTPD ABOR Privilege Escalation

Dates

Disclosure: Jan 04, 1997
Discovery: Jan 02, 1997
Exploit: Jan 04, 1997
Solution: Unknown

Description

wu-ftpd contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when an FTP client is transferring a file, then closes the connection and sends an ABOR command. This causes the server to execute the dologout() function, allowing the user to gain root privileges. This flaw may lead to a loss of confidentiality and/or integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.4.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

WU-FTPD Development Group

wu-ftpd

2.0
2.1
2.1x
2.2
2.3
2.4

References

Credit

  • David Greenman - dg@root.com


Direct URL: http://osvdb.org/36218