Executive Summary
| Summary | |
|---|---|
| Title | Correction: New version of wu-ftpd released |
| Informations | |||
|---|---|---|---|
| Name | DSA-016 | First vendor Publication | 2001-01-23 |
| Vendor | Debian | Last vendor Modification | 2001-01-24 |
| Severity (Vendor) | N/A | Revision | 3 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Security people at WireX have noticed a temp file creation bug and the WU-FTPD development team has found a possible format string bug in wu-ftpd. Both could be remotely exploited, though no such exploit exists currently. This additional advisory only announces a recompile of the package for the Intel ia32 architecture. The upload from yesterday was lacking PAM support. This only required a recompile and contains no other fixes. (Sorry, but when I make a mistake, I have to make it real, this time it's the correct file). For upgrading please use wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Or use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 2.2 alias potato |
Original Source
| Url : http://www.debian.org/security/2001/dsa-016 |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-05-05 | Name : HP-UX Update for WU-FTPD HPSBUX00180 File : nvt/gb_hp_ux_HPSBUX00180.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 016-1 (wu-ftpd) File : nvt/deb_016_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 1744 | WU-FTPD Debug Mode Client Hostname Remote Format String WU-FTPD contains a flaw that may allow a remote attacker to execute arbitrary code. The issue occurs when the service runs in 'debug' mode and an attacker has control over ident information being returned to the server. By manipulating the ident data returned to the host when requested by RFC 931 based authentication, an attacker can provide custom data with user-supplied format string identifiers that are passed to the syslog facility. This can be abused to overwrite portions of the system memory and execute arbitrary code. |
| 1716 | WU-FTPD privatepw Symlink Arbitrary File Overwrite WU-FTPD contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the 'privatepw' program creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2012-09-06 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2001-001.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-016.nasl - Type : ACT_GATHER_INFO |
| 2003-03-09 | Name : The remote FTP server has a format string vulnerability. File : wu_ftpd_pasv_format_string.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:25:17 |
|
