Wu-ftp site exec command could compromise root privileges

Risk Level: High

Check or Attack Name: ftpexec

Platforms: wu-ftpd: 2.4.1 and earlier.

Description:

A vulnerable version of the wu-ftp daemon was found. The SITE EXEC command in older versions of the wu-ftp daemon allowed remote root access; exploiting the system required neither anonymous FTP nor a regular account.

Remedy:

Upgrade your FTP server.

To upgrade to the latest version of Wu-FTP, follow these steps:

  1. Open a web browser.
  2. Go to http://ftp.academ.com/academ/wu-ftpd/release.html or ftp://ftp.academ.com/pub/wu-ftpd/.
  3. Download the Wu-FTP patch.
  4. Locate the patch on your system and execute it.
  5. Follow the directions to apply the patch.

References:

CERT Advisory CA-93.06, wuarchive ftpd Vulnerability, http://www.cert.org/ftp/cert_advisories/CA-93:06.wuarchive.ftpd.vulnerability

Hewlett-Packard Security Bulletin HPSBUX9405-010, ftpd: SITE CHMOD / race condition vulnerability, http://us-support.external.hp.com/

CERT Advisory CA-94.08, ftpd Vulnerabilities, http://www.cert.org/ftp/cert_advisories/CA-94:08.ftpd.vulnerabilities

Academ Consulting Services, WU-FTP Server Software Release Information, http://ftp.academ.com/academ/wu-ftpd/release.html

