2.6.1

DATE	CVE	VULNERABILITY TITLE	RISK
2005-05-02	CVE-2005-0256	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Washington University Wu-Ftpd 2.6.1/2.6.2 The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command. network low complexity washington-university CWE-119	5.0
2004-04-15	CVE-2004-0148	wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead. local low complexity sgi washington-university	7.2
2003-11-17	CVE-2003-0854	ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd. local low complexity gnu washington-university	2.1
2003-11-17	CVE-2003-0853	Integer Overflow vulnerability in Coreutils LS Width Argument An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd. network low complexity gnu washington-university	5.0
2001-11-30	CVE-2001-0550	wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob). network low complexity david-madore washington-university	7.5
2001-11-28	CVE-2001-0935	Remote Security vulnerability in Washington University Wu-Ftpd 2.4/2.6.0/2.6.1 Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550. network low complexity washington-university	7.5