WU-FTPD < 2.4.3 Directory Structure Processing Overflow

critical Nessus Network Monitor Plugin ID 1810

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote WU-FTPD server is vulnerable to a buffer overflow when it processes directory structure names. An attacker may exploit this flaw by creating a huge directory structure with specially malformed names, and may be able to execute arbitrary commands on this host with the privileges of the FTP daemon (typically root).

Solution

Upgrade to WU-FTPD 2.4.3 or higher.

Plugin Details

Severity: Critical

ID: 1810

Family: FTP Servers

Published: 8/20/2004

Updated: 3/6/2019

Nessus ID: 10318

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:washington_university:wu-ftpd

Reference Information

CVE: CVE-1999-0368, CVE-1999-0878, CVE-1999-0879, CVE-1999-0950

BID: 113, 599, 747, 2242