| Field | Value |
|---|---|
| VID | 16006 |
| Severity | 40 |
| Port | 21 |
| Protocol | TCP |
| Class | FTP |
| Detailed Description | wu-ftpd has a remotely exploitable heap corruption vulnerability in its file globbing code. It may be possible to crash the affected FTP server by sending the command 'cd ~{' or 'ls ~{'. Wu-ftpd is an FTP server based on the BSD ftpd and is maintained by Washington University. Wu-ftpd allows clients to organize files for FTP actions based on "file globbing" patterns. File globbing is also used by various shells. The implementation of file globbing included in wu-ftpd 2.6.1 and prior versions contains a heap corruption vulnerability that may allow an attacker to execute arbitrary code on a server remotely. References: http://www.securityfocus.com/bid/3581 http://www.securiteam.com/unixfocus/6U00V0035Q.html |
| Recommendation | Disable the service and use alternatives until fixes are available. Refer to the following site for the fixes: http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=solution&id=3581 |
| Related URL | CVE-2001-0550 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |