| VID |
16007 |
| Severity |
40 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The wu-ftpd server may be vulnerable to resource exhaustion via the SITE NEWER command. Wu-ftpd is a common package used to provide File Transfer Protocol (FTP) services. The SITE NEWER command is a feature specific to wu-ftpd designed to allow mirroring software to identify all files newer than a supplied date. Some wu-ftpd servers are vulnerable to a resource exhaustion condition in which an attacker may invoke this command to use all the memory available on the server. Local and remote attackers who can connect to the FTP server can cause the server to consume excessive amounts of memory, preventing normal system operation. If the attackers can create files on the system, they may be able to exploit this vulnerability to execute arbitrary code as the user running the ftpd daemon, usually root.
* References: http://www.iss.net/security_center/static/3376.php http://www.cert.org/advisories/CA-1999-13.html
* Platforms Affected: wu-ftpd versions prior to 2.6.0 |
| Recommendation |
Upgrade to the latest version of wu-ftpd (2.6.0 or later), as listed in CERT Advisory CA-1999-13, http://www.cert.org/advisories/CA-1999-13.html |
| Related URL |
CVE-1999-0880 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|