washington university wu-ftpd prior 2.6.3 mail_admin overflow.plugin
<plugin_id>107</plugin_id>
<plugin_name>Washington University wu-ftpd prior 2.6.3 MAIL_ADMIN overflow</plugin_name>
<plugin_family>FTP</plugin_family>
<plugin_created_date>2004/08/26</plugin_created_date>
<plugin_created_name>Marc Ruef</plugin_created_name>
<plugin_created_email>marc dot ruef at computec dot ch</plugin_created_email>
<plugin_created_web>http://www.computec.ch</plugin_created_web>
<plugin_created_company>computec.ch</plugin_created_company>
<plugin_updated_name>Marc Ruef</plugin_updated_name>
<plugin_updated_email>marc dot ruef at computec dot ch</plugin_updated_email>
<plugin_updated_web>http://www.computec.ch</plugin_updated_web>
<plugin_updated_company>computec.ch</plugin_updated_company>
<plugin_updated_date>2004/11/13</plugin_updated_date>
<plugin_version>1.2</plugin_version>
<plugin_changelog>The check is converted from the Nessus plugin. See the Nessus plugin ID for more details. Increased the speed of the pattern matching by deleting useless tests. Corrected the plugin structure and added the accuracy values in 1.2</plugin_changelog>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>21</plugin_port>
<plugin_procedure_detection>open|sleep|close|pattern_exists *wu-2.6.[0-2]* OR *wu-2.5.*</plugin_procedure_detection>
<plugin_detection_accuracy>80</plugin_detection_accuracy>
<plugin_comment>This plugin was written with the ATK Attack Editor.</plugin_comment>
<bug_published_name>Adam Zabrocki</bug_published_name>
<bug_published_email>pi3ki31ny at wp dot pl</bug_published_email>
<bug_published_date>2003/09/22</bug_published_date>
<bug_advisory>http://www.securityfocus.com/archive/1/338436</bug_advisory>
<bug_affected>Washington University wu-ftpd 2.5.x to 2.6.2</bug_affected>
<bug_not_affected>Washington University wu-ftpd newer than 2.6.2</bug_not_affected>
<bug_vulnerability_class>Buffer Overflow</bug_vulnerability_class>
<bug_description>The remote Wu-FTPd server seems to be vulnerable to a remote flaw. This version fails to properly check bounds on a pathname when Wu-FTPd is compiled with MAIL_ADMIN enabled, resulting in a buffer overflow. With a specially crafted request, an attacker can possibly execute arbitrary code as the user Wu-FTPd runs as (usually root), resulting in a loss of integrity and/or availability. It should be noted that this vulnerability is not present within the default installation of Wu-FTPd. The server must be configured using the 'MAIL_ADMIN' option to notify an administrator when a file has been uploaded.</bug_description>
<bug_solution>Upgrade to Wu-FTPd 2.6.3 when available, disable MAIL_ADMIN, or apply the patches available at http://www.wu-ftpd.org</bug_solution>
<bug_fixing_time>approx. 30 minutes</bug_fixing_time>
<bug_exploit_availability>No</bug_exploit_availability>
<bug_exploit_url>http://www.securityfocus.com/bid/8668/exploit/</bug_exploit_url>
<bug_remote>Yes</bug_remote>
<bug_local>Yes</bug_local>
<bug_severity>Medium</bug_severity>
<bug_popularity>2</bug_popularity>
<bug_simplicity>4</bug_simplicity>
<bug_impact>9</bug_impact>
<bug_risk>5</bug_risk>
<bug_nessus_risk>High</bug_nessus_risk>
<bug_check_tool>Nessus is able to do nearly the same check. See Nessus plugin ID for more details.</bug_check_tool>
<source_securityfocus_bid>8668</source_securityfocus_bid>
<source_osvdb_id>2594</source_osvdb_id>
<source_nessus_id>14371</source_nessus_id>
<source_literature>Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427</source_literature>
<source_misc>http://www.slackware.org/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.365971</source_misc>