Wu-ftpd debug mode format string

wuftp-debug-format-string (6020)

High Risk

Description:

WU-FTPD could allow a remote attacker to execute arbitrary code on the system, due to a format string vulnerability, when WU-FTPD is running in debug mode. A remote attacker can use this to execute arbitrary code on the system with the privileges of the current user.

Platforms Affected:

• Conectiva, Linux 5.0
• Conectiva, Linux 5.1
• Conectiva, Linux 6.0
• Conectiva, Linux 7.0
• Conectiva, Linux ecommerce
• Conectiva, Linux prg_graficos
• Debian, Debian Linux 2.2
• HP, HP-UX 11.00
• HP, HP-UX 11.11
• Washington University, WU-FTPD 2.4.1
• Washington University, WU-FTPD 2.4.2 Beta18 Academ
• Washington University, WU-FTPD 2.4.2 Beta18 VR10
• Washington University, WU-FTPD 2.4.2 Beta18 VR11
• Washington University, WU-FTPD 2.4.2 Beta18 VR12
• Washington University, WU-FTPD 2.4.2 Beta18 VR13
• Washington University, WU-FTPD 2.4.2 Beta18 VR14
• Washington University, WU-FTPD 2.4.2 Beta18 VR15
• Washington University, WU-FTPD 2.4.2 Beta18 VR4
• Washington University, WU-FTPD 2.4.2 Beta18 VR5
• Washington University, WU-FTPD 2.4.2 Beta18 VR6
• Washington University, WU-FTPD 2.4.2 Beta18 VR7
• Washington University, WU-FTPD 2.4.2 Beta18 VR8
• Washington University, WU-FTPD 2.4.2 Beta18 VR9
• Washington University, WU-FTPD 2.4.2 Beta9 Academ
• Washington University, WU-FTPD 2.4.2 VR16
• Washington University, WU-FTPD 2.4.2 VR17
• Washington University, WU-FTPD 2.5
• Washington University, WU-FTPD 2.6.0

Remedy:

Upgrade to the latest version of wu-ftpd (2.6.2 or later), when it becomes available from the WU-FTPD Web site. See References.

For Debian Linux 2.2 (alias potato):
Upgrade to the latest version of wu-ftpd (2.6.0 or later), as listed in DSA-016-3. See References.

For HP-UX 11.00 and 11.11:
Upgrade to the latest version of wu-ftpd, as listed in Hewlett-Packard Company Security Bulletin HPSBUX0201-180. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Privileges

References:

• CERT Advisory CA-2001-33, Multiple Vulnerabilities in WU-FTPD at http://www.cert.org/advisories/CA-2001-33.html.
• CIAC Information Bulletin M-032, HP-UX Security Vulnerability with wu-ftpd 2.6 at http://www.ciac.org/ciac/bulletins/m-032.shtml.
• Conectiva Linux Announcement CLSA-2001:443, Additional format string fixes for wu-ftpd at http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000443.
• Hewlett-Packard Company Security Bulletin HPSBUX0201-180, Security vulnerability in WU-FTPD 2.6., Format String. at http://online.securityfocus.com/advisories/3812. (From SecurityFocus archive.)
• WU-FTPD FTP site, Changes in 2.6.2 at ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_current/missing_format_strings.patch.
• WU-FTPD Web site, WU-FTPD Development Group at http://www.wu-ftpd.org.
• BID-2296: Wu-Ftpd Debug Mode Client Hostname Format String Vulnerability
• CVE-2001-0187: Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.
• DSA-016: wu-ftpd -- temp file creation and format string
• US-CERT VU#639760: WU-FTPD configured to use RFC 931 authentication running in debug mode contains format string vulnerability

Reported:

Jan 23, 2001

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page