FTP : wu-ftpd SITE EXEC vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.10452

Categoría: FTP

Título: wu-ftpd SITE EXEC vulnerability

Resumen: The remote FTP server does not properly sanitize the argument of; the SITE EXEC command.

Descripción: Summary:
The remote FTP server does not properly sanitize the argument of
the SITE EXEC command.

Vulnerability Impact:
It may be possible for a remote attacker to gain root access.

Solution:
Upgrade your wu-ftpd server (<= 2.6.0 are vulnerable)
or disable any access from untrusted users (especially anonymous).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2000-0573
AUSCERT Advisory: AA-2000.02
ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02
BugTraq ID: 1387
http://www.securityfocus.com/bid/1387
Bugtraq: 20000622 WuFTPD: Providing *remote* root since at least1994 (Google Search)
http://marc.info/?l=bugtraq&m=96171893218000&w=2
Bugtraq: 20000623 WUFTPD 2.6.0 remote root exploit (Google Search)
http://marc.info/?l=bugtraq&m=96179429114160&w=2
Bugtraq: 20000623 ftpd: the advisory version (Google Search)
http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail@fiver.freemessage.com
Bugtraq: 20000702 [Security Announce] wu-ftpd update (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html
Bugtraq: 20000707 New Released Version of the WuFTPD Sploit (Google Search)
http://marc.info/?l=bugtraq&m=96299933720862&w=2
Bugtraq: 20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release) (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html
Bugtraq: 20000929 [slackware-security] wuftpd vulnerability - Slackware 4.0, 7.0, 7.1, -current (Google Search)
Caldera Security Advisory: CSSA-2000-020.0
http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt
http://www.cert.org/advisories/CA-2000-13.html
Debian Security Information: 20000623 (Google Search)
FreeBSD Security Advisory: FreeBSD-SA-00:29
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1
NETBSD Security Advisory: NetBSD-SA2000-009
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-009.txt.asc
http://www.redhat.com/support/errata/RHSA-2000-039.html
XForce ISS Database: wuftp-format-string-stack-overwrite
XForce ISS Database: wuftp-format-string-stack-overwrite(4773)
https://exchange.xforce.ibmcloud.com/vulnerabilities/4773
Common Vulnerability Exposure (CVE) ID: CVE-1999-0997
Bugtraq: 19991220 Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd) (Google Search)
Debian Security Information: DSA-377 (Google Search)
http://www.debian.org/security/2003/dsa-377
XForce ISS Database: wuftp-ftp-conversion

Copyright Copyright (C) 2000 A. de Bernis

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.10452
Categoría:	FTP
Título:	wu-ftpd SITE EXEC vulnerability
Resumen:	The remote FTP server does not properly sanitize the argument of; the SITE EXEC command.
Descripción:	Summary: The remote FTP server does not properly sanitize the argument of the SITE EXEC command. Vulnerability Impact: It may be possible for a remote attacker to gain root access. Solution: Upgrade your wu-ftpd server (<= 2.6.0 are vulnerable) or disable any access from untrusted users (especially anonymous). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2000-0573 AUSCERT Advisory: AA-2000.02 ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02 BugTraq ID: 1387 http://www.securityfocus.com/bid/1387 Bugtraq: 20000622 WuFTPD: Providing remote root since at least1994 (Google Search) http://marc.info/?l=bugtraq&m=96171893218000&w=2 Bugtraq: 20000623 WUFTPD 2.6.0 remote root exploit (Google Search) http://marc.info/?l=bugtraq&m=96179429114160&w=2 Bugtraq: 20000623 ftpd: the advisory version (Google Search) http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail@fiver.freemessage.com Bugtraq: 20000702 [Security Announce] wu-ftpd update (Google Search) http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html Bugtraq: 20000707 New Released Version of the WuFTPD Sploit (Google Search) http://marc.info/?l=bugtraq&m=96299933720862&w=2 Bugtraq: 20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release) (Google Search) http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html Bugtraq: 20000929 [slackware-security] wuftpd vulnerability - Slackware 4.0, 7.0, 7.1, -current (Google Search) Caldera Security Advisory: CSSA-2000-020.0 http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt http://www.cert.org/advisories/CA-2000-13.html Debian Security Information: 20000623 (Google Search) FreeBSD Security Advisory: FreeBSD-SA-00:29 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1 NETBSD Security Advisory: NetBSD-SA2000-009 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-009.txt.asc http://www.redhat.com/support/errata/RHSA-2000-039.html XForce ISS Database: wuftp-format-string-stack-overwrite XForce ISS Database: wuftp-format-string-stack-overwrite(4773) https://exchange.xforce.ibmcloud.com/vulnerabilities/4773 Common Vulnerability Exposure (CVE) ID: CVE-1999-0997 Bugtraq: 19991220 Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd) (Google Search) Debian Security Information: DSA-377 (Google Search) http://www.debian.org/security/2003/dsa-377 XForce ISS Database: wuftp-ftp-conversion
Copyright	Copyright (C) 2000 A. de Bernis