Possible WUftpd Vulnerabilities


WUftpd: A third party ftpd daemon that is popular in Linux distributions. It is also found on many other platforms, installed by either the vendor or the user. Several versions have been found vulnerable. However, vendors have patched this program but have not changed the version number (as displayed on the login banner). Consequently, SARA can not confirm that the program is vulnerable.


A remote intruder can execute commands as root if the buffer overflow attack is successful (i.e, current target command is chdir).

The problem

The Washington University (WU) ftpd daemon is a powerful program that adds many safeguards and configurable security options to the standard ftpd distribution. Unfortunately, it has been plagued with several vulnerabilites in the late 1990's. The recent problem centers around version wu-2.5.0(1). the orginal version was vulnerable to the chdir attack. Vendors, such as Red Hat, quickly fixed the problem but neglected to change the version number. As SARA assesses ftp vulnerability by version number, it cannot determine if the new "version" has been applied.


Other tips