ID de Prueba:	1.3.6.1.4.1.25623.1.0.11811
Categoría:	FTP
Título:	wu-ftpd fb_realpath() off-by-one overflow
Resumen:	NOSUMMARY
Descripción:	Description: The remote Wu-FTPd server seems to be vulnerable to an off-by-one overflow when dealing with huge directory structures. An attacker may exploit this flaw to obtain a shell on this host. *** Nessus solely relied on the banner of the remote server *** to issue this warning, so it may be a false positive. *** Since Wu-FTPd 2.6.3 has not been released yet and only *** patches are available to fix this issue, this might be *** a false positive. Solution : Upgrade to Wu-FTPd 2.6.3 when available or apply the patches available at http://www.wu-ftpd.org Risk factor : High
Referencia Cruzada:	BugTraq ID: 8315 Common Vulnerability Exposure (CVE) ID: CVE-2003-0466 http://www.securityfocus.com/bid/8315 Bugtraq: 20030731 wu-ftpd fb_realpath() off-by-one bug (Google Search) http://marc.info/?l=bugtraq&m=105967301604815&w=2 Bugtraq: 20030804 Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3) (Google Search) http://marc.info/?l=bugtraq&m=106002488209129&w=2 Bugtraq: 20030804 wu-ftpd-2.6.2 off-by-one remote exploit. (Google Search) http://marc.info/?l=bugtraq&m=106001702232325&w=2 Bugtraq: 20060213 Latest wu-ftpd exploit :-s (Google Search) http://www.securityfocus.com/archive/1/424852/100/0/threaded Bugtraq: 20060214 Re: Latest wu-ftpd exploit :-s (Google Search) http://www.securityfocus.com/archive/1/425061/100/0/threaded CERT/CC vulnerability note: VU#743092 http://www.kb.cert.org/vuls/id/743092 Debian Security Information: DSA-357 (Google Search) http://www.debian.org/security/2003/dsa-357 FreeBSD Security Advisory: FreeBSD-SA-03:08 http://marc.info/?l=bugtraq&m=106001410028809&w=2 HPdes Security Advisory: SSRT3606 Immunix Linux Advisory: IMNX-2003-7+-019-01 http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01 http://www.mandriva.com/security/advisories?name=MDKSA-2003:080 http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt NETBSD Security Advisory: NetBSD-SA2003-011.txt.asc ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc http://www.osvdb.org/6602 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1970 http://www.redhat.com/support/errata/RHSA-2003-245.html http://www.redhat.com/support/errata/RHSA-2003-246.html SCO Security Bulletin: CSSA-2003-SCO.20 http://securitytracker.com/id?1007380 http://secunia.com/advisories/9423 http://secunia.com/advisories/9446 http://secunia.com/advisories/9447 http://secunia.com/advisories/9535 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1 SuSE Security Announcement: SuSE-SA:2003:032 (Google Search) http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html TurboLinux Advisory: TLSA-2003-46 http://www.turbolinux.com/security/TLSA-2003-46.txt http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html XForce ISS Database: libc-realpath-offbyone-bo(12785) https://exchange.xforce.ibmcloud.com/vulnerabilities/12785
Copyright	This script is Copyright (C) 2003 Tenable Network Security

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.