
Test ID: 1.3.6.1.4.1.25623.1.0.14371
Category: FTP
Title: wu-ftpd < 2.6.3 'MAIL_ADMIN' Overflow Vulnerability
Summary: The remote Wu-FTPd server seems to be vulnerable to a remote flaw.
Description:
Summary:
The remote Wu-FTPd server seems to be
vulnerable to a remote flaw.

Vulnerability Insight:
This version fails to properly check bounds
on a pathname when Wu-Ftpd is compiled with MAIL_ADMIN enabled, resulting in a
buffer overflow. With a specially crafted request, an attacker can possibly
execute arbitrary code as the user Wu-Ftpd runs as (usually root), resulting
in a loss of integrity and/or availability.

It should be noted that this vulnerability is not present within the default
installation of Wu-Ftpd.

The server must be configured using the 'MAIL_ADMIN' option to notify an
administrator when a file has been uploaded.

Solution:
Update to version 2.6.3 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2003-1327
BugTraq ID: 8668
http://www.securityfocus.com/bid/8668
Bugtraq: 20030922 Wu_ftpd all versions (not) vulnerability.
http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html
http://www.osvdb.org/2594
http://securitytracker.com/id?1007775
http://secunia.com/advisories/9835
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.365971
XForce ISS Database: wuftp-mailadmin-sockprintf-bo(13269)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13269
Copyright: Copyright (C) 2004 David Maciejak





© 1998-2025 E-Soft Inc. All rights reserved.