Executive Summary

Summary
Title Updated wu-ftpd packages fix remote vulnerability.
Informations
Name RHSA-2003:246 First vendor Publication 2003-07-31
Vendor RedHat Last vendor Modification 2003-07-31
Severity (Vendor) N/A Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2003-246.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-193 Off-by-one Error

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1970
 
Oval ID: oval:org.mitre.oval:def:1970
Title: Off-by-one Error in fb_realpath()
Description: Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
Family: unix Class: vulnerability
Reference(s): CVE-2003-0466
 Version: 4
Platform(s): Sun Solaris 9
 Product(s): Solaris Management Console (SMC)
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 1
Os 1
Os 116
Os 40
Os 17
Os 1

OpenVAS Exploits

Date Description
2008-01-17 Name : Debian Security Advisory DSA 357-1 (wu-ftpd)
File : nvt/deb_357_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
6602 Multiple BSD libc realpath() Off-by-one Overflow

A local overflow exists in BSD-derived libc libraries. The realpath() function fails to validate user input resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
2133 WU-FTPD fb_realpath() Function Off-by-one Error

A local off-by-one overflow exists in WU-FTPD. The fb_realpath() function fails to validate user input resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Snort® IPS/IDS

Date Description
2014-01-10 RETR overflow attempt
RuleID : 2392-community - Revision : 22 - Type : PROTOCOL-FTP
2014-01-10 RETR overflow attempt
RuleID : 2392 - Revision : 22 - Type : PROTOCOL-FTP
2014-01-10 APPE overflow attempt
RuleID : 2391-community - Revision : 17 - Type : PROTOCOL-FTP
2014-01-10 APPE overflow attempt
RuleID : 2391 - Revision : 17 - Type : PROTOCOL-FTP
2014-01-10 STOU overflow attempt
RuleID : 2390-community - Revision : 12 - Type : PROTOCOL-FTP
2014-01-10 STOU overflow attempt
RuleID : 2390 - Revision : 12 - Type : PROTOCOL-FTP
2014-01-10 RNTO overflow attempt
RuleID : 2389-community - Revision : 21 - Type : PROTOCOL-FTP
2014-01-10 RNTO overflow attempt
RuleID : 2389 - Revision : 21 - Type : PROTOCOL-FTP

Nessus® Vulnerability Scanner

Date Description
2012-09-06 Name : The remote Mandrake Linux host is missing a security update.
File : mandrake_MDKSA-2003-080.nasl - Type : ACT_GATHER_INFO
2005-02-16 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_29460.nasl - Type : ACT_GATHER_INFO
2005-02-16 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_29461.nasl - Type : ACT_GATHER_INFO
2005-02-16 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_29462.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-357.nasl - Type : ACT_GATHER_INFO
2004-07-25 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2003_032.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2003-246.nasl - Type : ACT_GATHER_INFO
2003-07-31 Name : The remote FTP server is affected by a buffer overflow vulnerability.
File : wu_ftpd_fb_realpath_offby1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:48:12
  • Multiple Updates