Test ID:	1.3.6.1.4.1.25623.1.0.14371
Category:	FTP
Title:	wu-ftpd < 2.6.3 'MAIL_ADMIN' Overflow Vulnerability
Summary:	The remote Wu-FTPd server seems to be; vulnerable to a remote flaw.
Description:	Summary: The remote Wu-FTPd server seems to be vulnerable to a remote flaw. Vulnerability Insight: This version fails to properly check bounds on a pathname when Wu-Ftpd is compiled with MAIL_ADMIN enabled resulting in a buffer overflow. With a specially crafted request, an attacker can possibly execute arbitrary code as the user Wu-Ftpd runs as (usually root) resulting in a loss of integrity, and/or availability. It should be noted that this vulnerability is not present within the default installation of Wu-Ftpd. The server must be configured using the 'MAIL_ADMIN' option to notify an administrator when a file has been uploaded. Solution: Update to version 2.6.3 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2003-1327 BugTraq ID: 8668 http://www.securityfocus.com/bid/8668 Bugtraq: 20030922 Wu_ftpd all versions (not) vulnerability. (Google Search) http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html http://www.osvdb.org/2594 http://securitytracker.com/id?1007775 http://secunia.com/advisories/9835 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.365971 XForce ISS Database: wuftp-mailadmin-sockprintf-bo(13269) https://exchange.xforce.ibmcloud.com/vulnerabilities/13269
Copyright	Copyright (C) 2004 David Maciejak

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.