Alias(es)WuFTP.SITE.EXEC.Attempt.A, WuFTP.SITE.EXEC.Attempt.B |
Release DateSep 11, 2006 |
Severitylow |
ImpactSystem compromise: attackers can remotely execute arbitrary commands as root. |
DescriptionThis indicates an attempt to exploit a stack overflow vulnerability in Washington University FTP daemon (wu-ftpd).Wu-ftpd is a popular file transfer protocol daemon from Washington University. Due to inadequate user input validation, a remote attacker can execute arbitrary commands on a target machine via specially crafted FTP commands. |
Affected ProductsWu-ftpd versions 2.6.0 and earlier. |
Recommended ActionsUpgrade to the latest version of wu-ftpd that does not have the vulnerability. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2000-0573 |
Reference/shttp://www.fortinet.com/ids/ID101777420http://www.cert.org/advisories/CA-1995-16.html |
