Washington University FTP Vulnerabilities

Impact

Any server running the versions prior to (and including) December 1998 of ProFTPD (1.2.0pre1), Wuarchive ftpd (2.4.2-academ[BETA-18]), wu-ftp 2.6.1(1), OpenBSD 6.4, or IAX Version 4.3 are vulnerable to exploit. wu-ftpd is installed and enabled by default on most Linux variants such as RedHat and Slackware Linux.

Background

There is a general class of vulnerability that exists in several popular ftp servers. Due to insufficient bounds checking, it is possible to subvert an ftp server by corrupting its internal stack space. By supplying carefully designed commands to the ftp server, intruders can force the the server to execute arbitrary commands with root privilege. On most vulnerable systems, the ftpd software is installed and enabled by default.

Resolution

Currently there are several ways to exploit the ftp servers in question. One temporary workaround against an anonymous attack is to disable any world writable directories the user may have access to by making them read only. This will prevent an attacker from building an unusually large path, which is required in order to execute many of attacks. The permanent solution is to install a patch from your Vendor, or locate one provided by the Software's author or maintainer. See Appendices A and B for more specific information.

Where can I read more about this?

You may read more about this vulnerability in CERT Advisory 99.03 and CERT Advisory 2000-13.

CVE Reference(s):