Test ID:	1.3.6.1.4.1.25623.1.0.14372
Category:	FTP
Title:	wu-ftpd S/KEY authentication overflow
Summary:	The remote Wu-FTPd server seems to be vulnerable to a remote overflow.
Description:	Summary: The remote Wu-FTPd server seems to be vulnerable to a remote overflow. Vulnerability Insight: This version contains a remote overflow if s/key support is enabled. The skey_challenge function fails to perform bounds checking on the name variable resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity and/or availability. It appears that this vulnerability may be exploited prior to authentication. It is reported that S/Key support is not enabled by default, though some operating system distributions which ship Wu-Ftpd may have it enabled. Solution: Upgrade to Wu-FTPd 2.6.3 when available or disable SKEY or apply the patches available at the referenced vendor homepage. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0185 BugTraq ID: 8893 http://www.securityfocus.com/bid/8893 Debian Security Information: DSA-457 (Google Search) http://www.debian.org/security/2004/dsa-457 http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt http://www.securiteam.com/unixfocus/6X00Q1P8KC.html http://www.redhat.com/support/errata/RHSA-2004-096.html XForce ISS Database: wuftpd-skey-bo(13518) https://exchange.xforce.ibmcloud.com/vulnerabilities/13518
Copyright	Copyright (C) 2004 David Maciejak

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.