Vulnerabilities > CVE-2003-1327 - Unspecified vulnerability in Washington University Wu-Ftpd

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator.

Vulnerable Configurations

Part Description Count
OS
Linux
1
Application
Washington_University
1

Nessus

  • NASL familyFTP
    NASL idWU_FTPD_MAIL_ADMIN.NASL
    descriptionTh remote Wu-FTPD server fails to properly check bounds on a pathname when Wu-Ftpd is compiled with MAIL_ADMIN enabled resulting in a buffer overflow. With a specially crafted request, an attacker can possibly execute arbitrary code as the user Wu-Ftpd runs as (usually root) resulting in a loss of integrity, and/or availability. It should be noted that this vulnerability is not present within the default installation of Wu-Ftpd. The server must be configured using the
    last seen2020-06-01
    modified2020-06-02
    plugin id14371
    published2004-08-25
    reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14371
    titleWU-FTPD MAIL_ADMIN Function Remote Overflow
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
     script_id(14371);
     script_version("1.22");
    
     script_cve_id("CVE-2003-1327");
     script_bugtraq_id(8668);
     
     script_name(english:"WU-FTPD MAIL_ADMIN Function Remote Overflow");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote FTP server is affected by a buffer overflow vulnerability." );
     script_set_attribute(attribute:"description", value:
    "Th remote Wu-FTPD server fails to properly check bounds on a pathname
    when Wu-Ftpd is compiled with MAIL_ADMIN enabled resulting in a buffer
    overflow.  With a specially crafted request, an attacker can possibly
    execute arbitrary code as the user Wu-Ftpd runs as (usually root)
    resulting in a loss of integrity, and/or availability. 
    
    It should be noted that this vulnerability is not present within the
    default installation of Wu-Ftpd. 
    
    The server must be configured using the 'MAIL_ADMIN' option to notify
    an administrator when a file has been uploaded. 
    
    *** Nessus solely relied on the banner of the remote server
    *** to issue this warning, so it may be a false positive." );
     script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2003/Sep/336");
     script_set_attribute(attribute:"solution", value:
    "Upgrade to Wu-FTPd 2.6.3 or later." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
    		
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/08/25");
     script_set_attribute(attribute:"vuln_publication_date", value: "2003/09/22");
     script_cvs_date("Date: 2018/11/15 20:50:22");
    script_set_attribute(attribute:"potential_vulnerability", value:"true");
    script_set_attribute(attribute:"plugin_type", value:"remote");
    script_end_attributes();
    
    		    
     
     script_summary(english:"Checks the banner of the remote wu-ftpd server");
     script_category(ACT_GATHER_INFO);
     script_family(english:"FTP");
     
     script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
    		  
     script_dependencie("ftpserver_detect_type_nd_version.nasl", "ftp_anonymous.nasl");
     script_require_keys("ftp/login", "ftp/wuftpd", "Settings/ParanoidReport");
     script_require_ports("Services/ftp", 21);
      
     exit(0);
    }
    
    #
    # The script code starts here : 
    #
    include("ftp_func.inc");
    include("backport.inc");
    include("global_settings.inc");
    include("audit.inc");
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    port = get_ftp_port(default: 21);
    
    banner = get_backport_banner(banner:get_ftp_banner(port: port));
    if (! banner) exit(1);
    if(egrep(pattern:".*(wu|wuftpd)-2\.6\.[012].*", string:banner)) security_hole(port);
    
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2003-259-03.NASL
    descriptionUpgraded WU-FTPD packages are available for Slackware 9.0 and - -current. These fix a problem where an attacker could use a specially crafted filename in conjunction with WU-FTPD
    last seen2020-06-01
    modified2020-06-02
    plugin id18726
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18726
    titleSlackware 9.0 / current : WU-FTPD Security Advisory (SSA:2003-259-03)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2003-259-03. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(18726);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:20");
    
      script_cve_id("CVE-2003-1327");
      script_xref(name:"SSA", value:"2003-259-03");
    
      script_name(english:"Slackware 9.0 / current : WU-FTPD Security Advisory (SSA:2003-259-03)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Upgraded WU-FTPD packages are available for Slackware 9.0 and -
    -current. These fix a problem where an attacker could use a specially
    crafted filename in conjunction with WU-FTPD's conversion feature
    (mostly used to compress files, or produce tar archives) to execute
    arbitrary commands on the server. In addition, a MAIL_ADMIN which has
    been found to be insecure has been disabled. We do not recommend
    deploying WU-FTPD in situations where security is required."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.365971
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ea5b1806"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wu-ftpd package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:wu-ftpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/09/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13");
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/09/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"9.0", pkgname:"wu-ftpd", pkgver:"2.6.2", pkgarch:"i386", pkgnum:"3")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"wu-ftpd", pkgver:"2.6.2", pkgarch:"i486", pkgnum:"3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");