Vulnerabilities > CVE-2003-0466 - Off-by-one Error vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Application | | 1 |
OS | | 2 |
OS | | 1 |
OS | Freebsd | 192 |
OS | | 7 |
OS | | 14 |
Common Weakness Enumeration (CWE)
Exploit-Db
description: wu-ftpd 2.6.2, 2.6.0, 2.6.1 realpath() Off-By-One Buffer Overflow Vulnerability. CVE-2003-0466. Remote exploit for unix platform
id: EDB-ID:22975
last seen: 2016-02-02
modified: 2003-08-06
published: 2003-08-06
reporter: Xpl017Elz
source: https://www.exploit-db.com/download/22975/
title: wu-ftpd 2.6.2, 2.6.0, 2.6.1 realpath Off-By-One Buffer Overflow Vulnerability

description: freeBSD 4.8 realpath() Off-By-One Buffer Overflow Vulnerability. CVE-2003-0466. Remote exploit for freebsd platform
id: EDB-ID:22976
last seen: 2016-02-02
modified: 2003-07-31
published: 2003-07-31
reporter: [email protected]
source: https://www.exploit-db.com/download/22976/
title: freeBSD 4.8 realpath Off-By-One Buffer Overflow Vulnerability

description: wu-ftpd 2.6.2 off-by-one Remote Root Exploit. CVE-2003-0466. Remote exploit for linux platform
id: EDB-ID:74
last seen: 2016-01-31
modified: 2003-08-03
published: 2003-08-03
reporter: Xpl017Elz
source: https://www.exploit-db.com/download/74/
title: wu-ftpd 2.6.2 - off-by-one Remote Root Exploit

description: wu-ftpd 2.6.2 Remote Root Exploit (advanced version). CVE-2003-0466. Remote exploit for linux platform
id: EDB-ID:78
last seen: 2016-01-31
modified: 2003-08-11
published: 2003-08-11
reporter: Xpl017Elz
source: https://www.exploit-db.com/download/78/
title: wu-ftpd 2.6.2 - Remote Root Exploit

description: wu-ftpd 2.6.2 realpath() Off-By-One Buffer Overflow Vulnerability. CVE-2003-0466. Remote exploit for unix platform
id: EDB-ID:22974
last seen: 2016-02-02
modified: 2003-08-02
published: 2003-08-02
reporter: Xpl017Elz
source: https://www.exploit-db.com/download/22974/
title: wu-ftpd 2.6.2 - realpath Off-By-One Buffer Overflow Vulnerability
Nessus
NASL family: HP-UX Local Security Checks
NASL id: HPUX_PHNE_29462.NASL
description: s700_800 11.22 ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities :
  - A potential vulnerability has been identified with HP-UX running ftpd where the vulnerability could be exploited to allow a remote authorized user unauthorized access to files. (HPSBUX01119 SSRT4694)
  - A potential security vulnerability has been identified with HP-UX running ftp where the vulnerability could be exploited remotely to allow unauthorized access. (HPSBUX01050 SSRT3456)
  - The wu-ftpd program is potentially vulnerable to a buffer overflow. (HPSBUX00277 SSRT3606)
  - A potential security vulnerability has been identified with HP-UX running ftpd, where a buffer overflow in ftpd could be remotely exploited to allow an unauthorized user to gain privileged access. (HPSBUX01118 SSRT4883)
  - A potential vulnerability has been identified with HP-UX running wu-ftpd with the restricted gid option enabled where the vulnerability could be exploited by a local user to gain unauthorized access to files. (HPSBUX01059 SSRT4704)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 16907
published: 2005-02-16
reporter: This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/16907
title: HP-UX PHNE_29462 : s700_800 11.22 ftpd(1M) and ftp(1) patch
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were
    # extracted from HP patch PHNE_29462. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #

    include("compat.inc");

    if (description)
    {
      script_id(16907);
      script_version("$Revision: 1.12 $");
      script_cvs_date("$Date: 2016/01/14 15:20:32 $");

      script_cve_id("CVE-2003-0466", "CVE-2004-0148", "CVE-2004-1332", "CVE-2005-0547");
      script_xref(name:"HP", value:"emr_na-c00572225");
      script_xref(name:"HP", value:"emr_na-c00951272");
      script_xref(name:"HP", value:"emr_na-c00951289");
      script_xref(name:"HP", value:"emr_na-c01035676");
      script_xref(name:"HP", value:"emr_na-c01035678");
      script_xref(name:"HP", value:"HPSBUX00277");
      script_xref(name:"HP", value:"HPSBUX01050");
      script_xref(name:"HP", value:"HPSBUX01059");
      script_xref(name:"HP", value:"HPSBUX01118");
      script_xref(name:"HP", value:"HPSBUX01119");
      script_xref(name:"HP", value:"SSRT3456");
      script_xref(name:"HP", value:"SSRT3606");
      script_xref(name:"HP", value:"SSRT4694");
      script_xref(name:"HP", value:"SSRT4704");
      script_xref(name:"HP", value:"SSRT4883");

      script_name(english:"HP-UX PHNE_29462 : s700_800 11.22 ftpd(1M) and ftp(1) patch");
      script_summary(english:"Checks for the patch in the swlist output");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "s700_800 11.22 ftpd(1M) and ftp(1) patch :
    The remote HP-UX host is affected by multiple vulnerabilities :
    - A potential vulnerability has been identified with HP-UX running ftpd where the vulnerability could be exploited to allow a remote authorized user unauthorized access to files. (HPSBUX01119 SSRT4694)
    - A potential security vulnerability has been identified with HP-UX running ftp where the vulnerability could be exploited remotely to allow unauthorized access. (HPSBUX01050 SSRT3456)
    - The wu-ftpd program is potentially vulnerable to a buffer overflow. (HPSBUX00277 SSRT3606)
    - A potential security vulnerability has been identified with HP-UX running ftpd, where a buffer overflow in ftpd could be remotely exploited to allow an unauthorized user to gain privileged access. (HPSBUX01118 SSRT4883)
    - A potential vulnerability has been identified with HP-UX running wu-ftpd with the restricted gid option enabled where the vulnerability could be exploited by a local user to gain unauthorized access to files. (HPSBUX01059 SSRT4704)"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00951272
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6ca73dfe"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00951289
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?353e3f75"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00572225
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2fb36360"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035676
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0e3b95fe"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035678
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9d4b2076"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Install patch PHNE_29462 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");

      script_set_attribute(attribute:"patch_publication_date", value:"2004/06/03");
      script_set_attribute(attribute:"patch_modification_date", value:"2006/01/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);

    if (!hpux_check_ctx(ctx:"11.22"))
    {
      exit(0, "The host is not affected since PHNE_29462 applies to a different OS release.");
    }

    patches = make_list("PHNE_29462");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }

    flag = 0;
    if (hpux_check_patch(app:"InternetSrvcs.INETSVCS2-RUN", version:"B.11.22")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family: FTP
NASL id: WU_FTPD_FB_REALPATH_OFFBY1.NASL
description: The remote WU-FTPD server seems to be vulnerable to an off-by-one overflow when dealing with huge directory structures. An attacker may exploit this flaw to obtain a shell on this host. Note that Nessus has solely relied on the banner of the remote server to issue this warning so it may be a false-positive, especially if the patch has already been applied.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 11811
published: 2003-07-31
reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/11811
title: WU-FTPD fb_realpath() Function Off-by-one Overflow
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # Ref:
    #
    # Date: Thu, 31 Jul 2003 18:16:03 +0200 (CEST)
    # From: Janusz Niewiadomski <[email protected]>
    # To: [email protected], <[email protected]>
    # Subject: [VulnWatch] wu-ftpd fb_realpath() off-by-one bug

    include("compat.inc");

    if(description)
    {
      script_id(11811);
      script_bugtraq_id(8315);
      script_cve_id("CVE-2003-0466");
      script_xref(name:"RHSA", value:"2003:245-01");
      script_xref(name:"SuSE", value:"SUSE-SA:2003:032");
      script_version ("1.28");

      script_name(english:"WU-FTPD fb_realpath() Function Off-by-one Overflow");

      script_set_attribute(attribute:"synopsis", value:
    "The remote FTP server is affected by a buffer overflow vulnerability." );
      script_set_attribute(attribute:"description", value:
    "The remote WU-FTPD server seems to be vulnerable to an off-by-one overflow when dealing with huge directory structures.
    An attacker may exploit this flaw to obtain a shell on this host.
    Note that Nessus has solely relied on the banner of the remote server to issue this warning so it may be a false-positive, especially if the patch has already been applied." );
      script_set_attribute(attribute:"see_also", value:"http://www.securiteam.com/unixfocus/5ZP010AAUI.html" );
      script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2003/Aug/43" );
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9eabbd45" );
      script_set_attribute(attribute:"solution", value:
    "Apply the realpath.patch patch." );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value: "2003/07/31");
      script_set_attribute(attribute:"vuln_publication_date", value: "2003/07/31");
      script_cvs_date("Date: 2018/11/15 20:50:22");
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_end_attributes();

      script_summary(english:"Checks the banner of the remote wu-ftpd server");
      script_category(ACT_GATHER_INFO);
      script_family(english:"FTP");
      script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
      script_dependencie("ftpserver_detect_type_nd_version.nasl", "ftp_anonymous.nasl");
      script_require_keys("ftp/wuftpd", "Settings/ParanoidReport");
      script_require_ports("Services/ftp", 21);
      exit(0);
    }

    #
    # The script code starts here :
    #
    include("ftp_func.inc");
    include("backport.inc");
    include("global_settings.inc");
    include("audit.inc");

    if (report_paranoia < 2) audit(AUDIT_PARANOID);

    port = get_ftp_port(default: 21);

    banner = get_backport_banner(banner:get_ftp_banner(port: port));
    if (! banner ) exit(1);
    if(egrep(pattern:".*(wu|wuftpd)-(2\.(5\.|6\.[012])).*", string:banner))security_hole(port);

NASL family: HP-UX Local Security Checks
NASL id: HPUX_PHNE_29460.NASL
description: s700_800 11.00 ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities :
  - A potential security vulnerability has been identified with HP-UX running ftp where the vulnerability could be exploited remotely to allow unauthorized access. (HPSBUX01050 SSRT3456)
  - A potential security vulnerability has been identified with HP-UX running ftpd, where a buffer overflow in ftpd could be remotely exploited to allow an unauthorized user to gain privileged access. (HPSBUX01118 SSRT4883)
  - The wu-ftpd program is potentially vulnerable to a buffer overflow. (HPSBUX00277 SSRT3606)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 16909
published: 2005-02-16
reporter: This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/16909
title: HP-UX PHNE_29460 : s700_800 11.00 ftpd(1M) and ftp(1) patch
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were
    # extracted from HP patch PHNE_29460. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #

    include("compat.inc");

    if (description)
    {
      script_id(16909);
      script_version("$Revision: 1.13 $");
      script_cvs_date("$Date: 2016/01/14 15:20:32 $");

      script_cve_id("CVE-2003-0466", "CVE-2004-1332");
      script_xref(name:"HP", value:"emr_na-c00951272");
      script_xref(name:"HP", value:"emr_na-c00951289");
      script_xref(name:"HP", value:"emr_na-c01035676");
      script_xref(name:"HP", value:"HPSBUX00277");
      script_xref(name:"HP", value:"HPSBUX01050");
      script_xref(name:"HP", value:"HPSBUX01118");
      script_xref(name:"HP", value:"SSRT3456");
      script_xref(name:"HP", value:"SSRT3606");
      script_xref(name:"HP", value:"SSRT4883");

      script_name(english:"HP-UX PHNE_29460 : s700_800 11.00 ftpd(1M) and ftp(1) patch");
      script_summary(english:"Checks for the patch in the swlist output");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "s700_800 11.00 ftpd(1M) and ftp(1) patch :
    The remote HP-UX host is affected by multiple vulnerabilities :
    - A potential security vulnerability has been identified with HP-UX running ftp where the vulnerability could be exploited remotely to allow unauthorized access. (HPSBUX01050 SSRT3456)
    - A potential security vulnerability has been identified with HP-UX running ftpd, where a buffer overflow in ftpd could be remotely exploited to allow an unauthorized user to gain privileged access. (HPSBUX01118 SSRT4883)
    - The wu-ftpd program is potentially vulnerable to a buffer overflow. (HPSBUX00277 SSRT3606)"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00951272
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6ca73dfe"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00951289
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?353e3f75"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035676
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0e3b95fe"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Install patch PHNE_29460 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");

      script_set_attribute(attribute:"patch_publication_date", value:"2004/02/10");
      script_set_attribute(attribute:"patch_modification_date", value:"2007/04/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);

    if (!hpux_check_ctx(ctx:"11.00"))
    {
      exit(0, "The host is not affected since PHNE_29460 applies to a different OS release.");
    }

    patches = make_list("PHNE_29460", "PHNE_30989", "PHNE_33406", "PHNE_34543");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }

    flag = 0;
    if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.00")) flag++;
    if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.00")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2003-080.NASL
description: A vulnerability was discovered by Janusz Niewiadomski and Wojciech Purczynski in the wu-ftpd FTP server package. They found an off-by-one bug in the fb_realpath() function which could be used by a remote attacker to obtain root privileges on the server. This bug can only be successfully accomplished by using wu-ftpd binaries compiled on Linux 2.0.x and later 2.4.x kernels because the 2.2.x and earlier 2.4.x kernels define PATH_MAX to be 4095 characters. wu-ftpd is no longer shipped with Mandrake Linux, however Mandrake Linux 8.2 did come with wu-ftpd. If you use wu-ftpd, you are encouraged to upgrade to these patched packages.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 61921
published: 2012-09-06
reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/61921
title: Mandrake Linux Security Advisory : wu-ftpd (MDKSA-2003:080)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Mandrake Linux Security Advisory MDKSA-2003:080.
    # The text itself is copyright (C) Mandriva S.A.
    #

    include("compat.inc");

    if (description)
    {
      script_id(61921);
      script_version("1.6");
      script_cvs_date("Date: 2019/08/02 13:32:46");

      script_cve_id("CVE-2003-0466");
      script_xref(name:"MDKSA", value:"2003:080");

      script_name(english:"Mandrake Linux Security Advisory : wu-ftpd (MDKSA-2003:080)");
      script_summary(english:"Checks rpm output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Mandrake Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "A vulnerability was discovered by Janusz Niewiadomski and Wojciech Purczynski in the wu-ftpd FTP server package. They found an off-by-
    one bug in the fb_realpath() function which could be used by a remote attacker to obtain root privileges on the server.
    This bug can only be successfully accomplished by using wu-ftpd binaries compiled on Linux 2.0.x and later 2.4.x kernels because the 2.2.x and earlier 2.4.x kernels define PATH_MAX to be 4095 characters.
    wu-ftpd is no longer shipped with Mandrake Linux, however Mandrake Linux 8.2 did come with wu-ftpd. If you use wu-ftpd, you are encouraged to upgrade to these patched packages."
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected wu-ftpd package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wu-ftpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");

      script_set_attribute(attribute:"patch_publication_date", value:"2003/07/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

    flag = 0;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"wu-ftpd-2.6.2-1.1mdk", yank:"mdk")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-357.NASL
description: iSEC Security Research reports that wu-ftpd contains an off-by-one bug in the fb_realpath function which could be exploited by a logged-in user (local or anonymous) to gain root privileges. A demonstration exploit is reportedly available.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 15194
published: 2004-09-29
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/15194
title: Debian DSA-357-1 : wu-ftpd - remote root exploit
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DSA-357. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(15194);
      script_version("1.21");
      script_cvs_date("Date: 2019/08/02 13:32:17");

      script_cve_id("CVE-2003-0466");
      script_bugtraq_id(8315);
      script_xref(name:"DSA", value:"357");

      script_name(english:"Debian DSA-357-1 : wu-ftpd - remote root exploit");
      script_summary(english:"Checks dpkg output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "iSEC Security Research reports that wu-ftpd contains an off-by-one bug in the fb_realpath function which could be exploited by a logged-in user (local or anonymous) to gain root privileges. A demonstration exploit is reportedly available."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2003/dsa-357"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Upgrade the wu-ftpd package immediately.
    For the current stable distribution (woody) this problem has been fixed in version 2.6.2-3woody1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wu-ftpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

      script_set_attribute(attribute:"patch_publication_date", value:"2003/07/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/07/31");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

      exit(0);
    }

    include("audit.inc");
    include("debian_package.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;
    if (deb_check(release:"3.0", prefix:"wu-ftpd", reference:"2.6.2-3woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"wu-ftpd-academ", reference:"2.6.2-3woody1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2003-246.NASL
description: Updated wu-ftpd packages are available that fix an off-by-one buffer overflow. The wu-ftpd package contains the Washington University FTP (File Transfer Protocol) server daemon. FTP is a method of transferring files between machines. An off-by-one bug has been discovered in versions of wu-ftpd up to and including 2.6.2. On a vulnerable system, a remote attacker would be able to exploit this bug to gain root privileges. Red Hat Enterprise Linux contains a version of wu-ftpd that is affected by this bug, although it is believed that this issue will not be remotely exploitable due to compiler padding of the buffer that is the target of the overflow. However, Red Hat still advises that all users of wu-ftpd upgrade to these erratum packages, which contain a security patch. Red Hat would like to thank Wojciech Purczynski and Janusz Niewiadomski of ISEC Security Research for their responsible disclosure of this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 12413
published: 2004-07-06
reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/12413
title: RHEL 2.1 : wu-ftpd (RHSA-2003:246)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2003:246. The text
    # itself is copyright (C) Red Hat, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(12413);
      script_version ("1.27");
      script_cvs_date("Date: 2019/10/25 13:36:10");

      script_cve_id("CVE-2003-0466");
      script_xref(name:"RHSA", value:"2003:246");

      script_name(english:"RHEL 2.1 : wu-ftpd (RHSA-2003:246)");
      script_summary(english:"Checks the rpm output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Updated wu-ftpd packages are available that fix an off-by-one buffer overflow.
    The wu-ftpd package contains the Washington University FTP (File Transfer Protocol) server daemon. FTP is a method of transferring files between machines.
    An off-by-one bug has been discovered in versions of wu-ftpd up to and including 2.6.2. On a vulnerable system, a remote attacker would be able to exploit this bug to gain root privileges.
    Red Hat Enterprise Linux contains a version of wu-ftpd that is affected by this bug, although it is believed that this issue will not be remotely exploitable due to compiler padding of the buffer that is the target of the overflow. However, Red Hat still advises that all users of wu-ftpd upgrade to these erratum packages, which contain a security patch.
    Red Hat would like to thank Wojciech Purczynski and Janusz Niewiadomski of ISEC Security Research for their responsible disclosure of this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2003-0466"
      );
      # http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
      script_set_attribute(
        attribute:"see_also",
        value:"https://isec.pl/en/vulnerabilities/isec-0011-wu-ftpd.txt"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2003:246"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected wu-ftpd package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wu-ftpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

      script_set_attribute(attribute:"vuln_publication_date", value:"2003/08/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2003/07/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);

    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo))
    {
      rhsa = "RHSA-2003:246";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port : 0,
          severity : SECURITY_HOLE,
          extra : yum_report
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"wu-ftpd-2.6.1-21")) flag++;

      if (flag)
      {
        security_report_v4(
          port : 0,
          severity : SECURITY_HOLE,
          extra : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wu-ftpd");
      }
    }

NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHNE_29461.NASL |
description | s700_800 11.11 ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - The wu-ftpd program is potentially vulnerable to a buffer overflow. (HPSBUX00277 SSRT3606) - A potential security vulnerability has been identified with HP-UX running ftpd, where a buffer overflow in ftpd could be remotely exploited to allow an unauthorized user to gain privileged access. (HPSBUX01118 SSRT4883) - A potential security vulnerability has been identified with HP-UX running ftp where the vulnerability could be exploited remotely to allow unauthorized access. (HPSBUX01050 SSRT3456) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 16908 |
published | 2005-02-16 |
reporter | This script is Copyright (C) 2005-2016 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/16908 |
title | HP-UX PHNE_29461 : s700_800 11.11 ftpd(1M) and ftp(1) patch |
code |

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were
    # extracted from HP patch PHNE_29461. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #

    include("compat.inc");

    if (description)
    {
      script_id(16908);
      script_version("$Revision: 1.16 $");
      script_cvs_date("$Date: 2016/01/14 15:20:32 $");

      script_cve_id("CVE-2003-0466", "CVE-2004-1332");
      script_xref(name:"HP", value:"emr_na-c00951272");
      script_xref(name:"HP", value:"emr_na-c00951289");
      script_xref(name:"HP", value:"emr_na-c01035676");
      script_xref(name:"HP", value:"HPSBUX00277");
      script_xref(name:"HP", value:"HPSBUX01050");
      script_xref(name:"HP", value:"HPSBUX01118");
      script_xref(name:"HP", value:"SSRT3456");
      script_xref(name:"HP", value:"SSRT3606");
      script_xref(name:"HP", value:"SSRT4883");

      script_name(english:"HP-UX PHNE_29461 : s700_800 11.11 ftpd(1M) and ftp(1) patch");
      script_summary(english:"Checks for the patch in the swlist output");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description",
        value: "s700_800 11.11 ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - The wu-ftpd program is potentially vulnerable to a buffer overflow. (HPSBUX00277 SSRT3606) - A potential security vulnerability has been identified with HP-UX running ftpd, where a buffer overflow in ftpd could be remotely exploited to allow an unauthorized user to gain privileged access. (HPSBUX01118 SSRT4883) - A potential security vulnerability has been identified with HP-UX running ftp where the vulnerability could be exploited remotely to allow unauthorized access. (HPSBUX01050 SSRT3456)"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00951272
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6ca73dfe"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00951289
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?353e3f75"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035676
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0e3b95fe"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Install patch PHNE_29461 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
      script_set_attribute(attribute:"patch_publication_date", value:"2003/12/17");
      script_set_attribute(attribute:"patch_modification_date", value:"2007/04/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);

    if (!hpux_check_ctx(ctx:"11.11"))
    {
      exit(0, "The host is not affected since PHNE_29461 applies to a different OS release.");
    }

    patches = make_list("PHNE_29461", "PHNE_30432", "PHNE_30990", "PHNE_33412", "PHNE_34544", "PHNE_36129", "PHNE_36192", "PHNE_38458", "PHNE_40774");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }

    flag = 0;
    if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.11")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SA_2003_032.NASL |
description | The remote host is missing the patch for the advisory SUSE-SA:2003:032 (wuftpd). Janusz Niewiadomski and Wojciech Purczynski of iSEC Security Research have found a single byte buffer overflow in the Washington University ftp daemon (wuftpd), a widely used ftp server for Linux-like systems. It is yet unclear if this bug is (remotely) exploitable. Positive exploitability may result in a remote root compromise of a system running the wuftpd ftp daemon. Notes: * SUSE LINUX products do not contain wuftpd any more starting with SUSE Linux 8.0 and SUSE LINUX Enterprise Server 8. The wuftpd package has been substituted by a different server implementation of the file transfer protocol server. * The affected wuftpd packages in products as stated in the header of this announcement actually ship two different wuftpd ftp daemon versions: The older version 2.4.x that is installed as /usr/sbin/wu.ftpd, the newer version 2.6 is installed as /usr/sbin/wu.ftpd-2.6 . The 2.4.x version does not contain the defective parts of the code and is therefore not vulnerable to the weakness found. * If you are using the wuftpd ftp daemon in version 2.4.x, you might want to update the package anyway in order not to risk an insecure configuration once you switch to the newer version. There exists no workaround that can fix this vulnerability on a temporary basis other than just using the 2.4.x version as mentioned above. The proper fix for the weakness is to update the package using the provided update packages. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 13801 |
published | 2004-07-25 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/13801 |
title | SUSE-SA:2003:032: wuftpd |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2003:032
    #

    if ( ! defined_func("bn_random") ) exit(0);

    include("compat.inc");

    if(description)
    {
     script_id(13801);
     script_bugtraq_id(8315);
     script_version ("1.16");
     script_cve_id("CVE-2003-0466");

     name["english"] = "SUSE-SA:2003:032: wuftpd";
     script_name(english:name["english"]);

     script_set_attribute(attribute:"synopsis", value: "The remote host is missing a vendor-supplied security patch" );
     script_set_attribute(attribute:"description", value: "The remote host is missing the patch for the advisory SUSE-SA:2003:032 (wuftpd). Janusz Niewiadomski and Wojciech Purczynski of iSEC Security Research have found a single byte buffer overflow in the Washington University ftp daemon (wuftpd), a widely used ftp server for Linux-like systems. It is yet unclear if this bug is (remotely) exploitable. Positive exploitability may result in a remote root compromise of a system running the wuftpd ftp daemon. Notes: * SUSE LINUX products do not contain wuftpd any more starting with SUSE Linux 8.0 and SUSE LINUX Enterprise Server 8. The wuftpd package has been substituted by a different server implementation of the file transfer protocol server. * The affected wuftpd packages in products as stated in the header of this announcement actually ship two different wuftpd ftp daemon versions: The older version 2.4.x that is installed as /usr/sbin/wu.ftpd, the newer version 2.6 is installed as /usr/sbin/wu.ftpd-2.6 . The 2.4.x version does not contain the defective parts of the code and is therefore not vulnerable to the weakness found. * If you are using the wuftpd ftp daemon in version 2.4.x, you might want to update the package anyway in order not to risk an insecure configuration once you switch to the newer version. There exists no workaround that can fix this vulnerability on a temporary basis other than just using the 2.4.x version as mentioned above. The proper fix for the weakness is to update the package using the provided update packages. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command 'rpm -Fhv file.rpm' to apply the update." );
     script_set_attribute(attribute:"solution", value: "http://www.suse.de/security/2003_032_wuftpd.html" );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"exploited_by_malware", value:"true");

     script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/25");
     script_cvs_date("Date: 2019/10/25 13:36:27");
     script_end_attributes();

     summary["english"] = "Check for the version of the wuftpd package";
     script_summary(english:summary["english"]);

     script_category(ACT_GATHER_INFO);

     script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);

     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }

    include("rpm.inc");
    if ( rpm_check( reference:"wuftpd-2.6.0-403", release:"SUSE7.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"wuftpd-2.6.0-403", release:"SUSE7.3") )
    {
     security_hole(0);
     exit(0);
    }
    if (rpm_exists(rpm:"wuftpd-", release:"SUSE7.2")
     ||
     rpm_exists(rpm:"wuftpd-", release:"SUSE7.3") )
    {
     set_kb_item(name:"CVE-2003-0466", value:TRUE);
    }

Oval
accepted | 2010-09-20T04:00:18.853-04:00 |
class | vulnerability |
contributors | |
description | Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. |
family | unix |
id | oval:org.mitre.oval:def:1970 |
status | accepted |
submitted | 2005-04-13T12:00:00.000-04:00 |
title | Off-by-one Error in fb_realpath() |
version | 38 |
Redhat
advisories |
|
References
- http://www.securityfocus.com/bid/8315
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html
- http://www.kb.cert.org/vuls/id/743092
- http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
- http://www.redhat.com/support/errata/RHSA-2003-245.html
- http://www.redhat.com/support/errata/RHSA-2003-246.html
- http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html
- http://www.debian.org/security/2003/dsa-357
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc
- http://www.turbolinux.com/security/TLSA-2003-46.txt
- http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01
- http://www.osvdb.org/6602
- http://securitytracker.com/id?1007380
- http://secunia.com/advisories/9423
- http://secunia.com/advisories/9446
- http://secunia.com/advisories/9447
- http://secunia.com/advisories/9535
- http://www.securityfocus.com/archive/1/424852/100/0/threaded
- http://www.securityfocus.com/archive/1/425061/100/0/threaded
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:080
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1
- http://marc.info/?l=bugtraq&m=106001702232325&w=2
- http://marc.info/?l=bugtraq&m=105967301604815&w=2
- http://marc.info/?l=bugtraq&m=106002488209129&w=2
- http://marc.info/?l=bugtraq&m=106001410028809&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12785
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1970