ID de Prueba:	1.3.6.1.4.1.25623.1.0.14372
Categoría:	FTP
Título:	wu-ftpd S/KEY authentication overflow
Resumen:	The remote Wu-FTPd server seems to be vulnerable to a remote overflow.
Descripción:	Summary: The remote Wu-FTPd server seems to be vulnerable to a remote overflow. Vulnerability Insight: This version contains a remote overflow if s/key support is enabled. The skey_challenge function fails to perform bounds checking on the name variable resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity and/or availability. It appears that this vulnerability may be exploited prior to authentication. It is reported that S/Key support is not enabled by default, though some operating system distributions which ship Wu-Ftpd may have it enabled. Solution: Upgrade to Wu-FTPd 2.6.3 when available or disable SKEY or apply the patches available at the referenced vendor homepage. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0185 BugTraq ID: 8893 http://www.securityfocus.com/bid/8893 Debian Security Information: DSA-457 (Google Search) http://www.debian.org/security/2004/dsa-457 http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt http://www.securiteam.com/unixfocus/6X00Q1P8KC.html http://www.redhat.com/support/errata/RHSA-2004-096.html XForce ISS Database: wuftpd-skey-bo(13518) https://exchange.xforce.ibmcloud.com/vulnerabilities/13518
Copyright	Copyright (C) 2004 David Maciejak

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.