Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.14301 |
Category: | FTP |
Title: | wu-ftpd ABOR privilege escalation |
Summary: | The remote Wu-FTPd server seems to be vulnerable to a remote privilege; escalation. |
Description: | Summary: The remote Wu-FTPd server seems to be vulnerable to a remote privilege escalation. Vulnerability Insight: This version contains a flaw that may allow a malicious user to gain access to unauthorized privileges. Specifically, there is a flaw in the way that the server handles an ABOR command after a data connection has been closed. The flaw is within the dologout() function and proper exploitation will give the remote attacker the ability to execute arbitrary code as the 'root' user. Vulnerability Impact: This flaw may lead to a loss of confidentiality and/or integrity. Solution: Upgrade to Wu-FTPd 2.4.2 or newer. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-1999-1326 Bugtraq: 19970104 serious security bug in wu-ftpd v2.4 (Google Search) http://marc.info/?l=bugtraq&m=87602167420401&w=2 Bugtraq: 19970105 BoS: serious security bug in wu-ftpd v2.4 -- PATCH (Google Search) http://marc.info/?l=bugtraq&m=87602167420408&w=2 XForce ISS Database: wuftpd-abor-gain-privileges(7169) https://exchange.xforce.ibmcloud.com/vulnerabilities/7169 |
Copyright | This script is Copyright (C) 2004 David Maciejak |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |