Alias(es)WuFTP.Glob.Filename.Bad |
Release DateAug 03, 2006 |
Severityhigh |
ImpactAttackers can execute arbitrary commands on the victim system. |
DescriptionIt indicates an attempt to exploit a heap corruption vulnerability in Washington University FTP daemon (wu-ftpd).Wu-ftpd is a popular file transfer protocol daemon originated in Washington University. There exists a vulnerability in the globbing function that allows attackers to execute arbitrary commands via certain carefully-constructed FTP comands. |
Affected ProductsAny unprotected wu-ftpd 2.6.0 or 2.6.1 is vulnerable to the attack. |
Recommended ActionsUpgrade to the latest non-vulnerable version of the software. Disable anonymous FTP access unless absolutely required. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2001-0550 |
Reference/shttp://www.cert.org/advisories/CA-2001-33.htmlhttp://www.securityfocus.com/bid/3581 (BugTraq) |
