Vulnerabilities > CVE-2001-0187 - Unspecified vulnerability in Washington University Wu-Ftpd

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

washington-university

critical

nessus

exploit available

NVD

Published: 2001-03-26

Updated: 2017-10-10

Summary

Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.

Vulnerable Configurations

Part	Description	Count
Application	Washington_University Washington University WU Ftpd 2.4.1 Washington University WU Ftpd 2.4.2_Beta9 Washington University WU Ftpd 2.4.2_Beta18 Washington University WU Ftpd 2.4.2_Beta18_Vr4 Washington University WU Ftpd 2.4.2_Beta18_Vr5 Washington University WU Ftpd 2.4.2_Beta18_Vr6 Washington University WU Ftpd 2.4.2_Beta18_Vr7 Washington University WU Ftpd 2.4.2_Beta18_Vr8 Washington University WU Ftpd 2.4.2_Beta18_Vr9 Washington University WU Ftpd 2.4.2_Beta18_Vr10 Washington University WU Ftpd 2.4.2_Beta18_Vr11 Washington University WU Ftpd 2.4.2_Beta18_Vr12 Washington University WU Ftpd 2.4.2_Beta18_Vr13 Washington University WU Ftpd 2.4.2_Beta18_Vr14 Washington University WU Ftpd 2.4.2_Beta18_Vr15 Washington University WU Ftpd 2.4.2_Vr16 Washington University WU Ftpd 2.4.2_Vr17 Washington University WU Ftpd 2.5 Washington University WU Ftpd 2.6	19

Exploit-Db

description	Wu-Ftpd 2.4.2/2.5/2.6 Debug Mode Client Hostname Format String Vulnerability. CVE-2001-0187. Remote exploit for unix platform
id	EDB-ID:20594
last seen	2016-02-02
modified	2001-01-23
published	2001-01-23
reporter	Wu-ftpd team
source	https://www.exploit-db.com/download/20594/
title	Wu-Ftpd 2.4.2/2.5/2.6 - Debug Mode Client Hostname Format String Vulnerability

Nessus

NASL family	FTP
NASL id	WU_FTPD_PASV_FORMAT_STRING.NASL
description	The remote WU-FTPd server, according to its version number, is vulnerable to a format string attack when running in debug mode.
last seen	2020-06-01
modified	2020-06-02
plugin id	11331
published	2003-03-09
reporter	This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/11331
title	WU-FTPD Debug Mode Client Hostname Remote Format String

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-016.NASL
description	Security people at WireX have noticed a temp file creation bug and the WU-FTPD development team has found a possible format string bug in wu-ftpd. Both could be remotely exploited, though no such exploit exists currently.
last seen	2020-06-01
modified	2020-06-02
plugin id	14853
published	2004-09-29
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14853
title	Debian DSA-016-3 : wu-ftpd - temp file creation and format string

Statements

contributor	Joshua Bressers
lastmodified	2006-09-27
organization	Red Hat
statement	Red Hat Enterprise Linux 2.1 ships with wu-ftp version 2.6.2 which is not vulnerable to this issue.

Summary

Vulnerable Configurations

Exploit-Db

Nessus

Statements

References