Originally Published: Saturday, 28 August 1999 Author: Rob Thomas
Published to: Headline News/Security Page: 1/1 - [Printable]

Vulnerabilities in wu-ftpd

Almost all current versions of wu-ftpd are vulnerable to a buffer overflow attack.

   Page 1 of 1  

Yesterday the WU-FTPD Development group sent out a notice to some of the major security mailing lists, such as Bugtraq, stating that almost all current versions of wu-ftpd are vulnerable to a buffer overflow attack.

Malicious users may gain root privileges both locally and remotely. The following versions are known to be affected:

wu-ftpd-2.4.2-beta-18-vr4 through wu-ftpd-2.4.2-beta-18-vr15 wu-ftpd-2.4.2-vr16 and wu-ftpd-2.4.2-vr17 wu-ftpd-2.5.0

BeroFTPD, all present versions

The WU-FTPD Development Group recommends that all users upgrade to version 2.5.0 and apply a special security patch in the process. This will ensure that your system cannot be exploited. You may find a patch at The WU-FTPD FTP site.

NOTE: This is not the same vulnerability that was publicized last may with versions 2.4.2 beta [15-18].

Anyone with questions should visit the WU-FTPD site at http://www.wu-ftpd.org.





   Page 1 of 1