Test Kennung:	1.3.6.1.4.1.25623.1.0.14372
Kategorie:	FTP
Titel:	wu-ftpd S/KEY authentication overflow
Zusammenfassung:	The remote Wu-FTPd server seems to be vulnerable to a remote overflow.
Beschreibung:	Summary: The remote Wu-FTPd server seems to be vulnerable to a remote overflow. Vulnerability Insight: This version contains a remote overflow if s/key support is enabled. The skey_challenge function fails to perform bounds checking on the name variable resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity and/or availability. It appears that this vulnerability may be exploited prior to authentication. It is reported that S/Key support is not enabled by default, though some operating system distributions which ship Wu-Ftpd may have it enabled. Solution: Upgrade to Wu-FTPd 2.6.3 when available or disable SKEY or apply the patches available at the referenced vendor homepage. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0185 BugTraq ID: 8893 http://www.securityfocus.com/bid/8893 Debian Security Information: DSA-457 (Google Search) http://www.debian.org/security/2004/dsa-457 http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt http://www.securiteam.com/unixfocus/6X00Q1P8KC.html http://www.redhat.com/support/errata/RHSA-2004-096.html XForce ISS Database: wuftpd-skey-bo(13518) https://exchange.xforce.ibmcloud.com/vulnerabilities/13518
Copyright	Copyright (C) 2004 David Maciejak

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.