WU-FTPD Vulnerability


Summary

Root access via the wuarchive FTPD server.

Impact

Unauthorized remote root access to the system.

Background

The wuarchive FTPD daemon (or WU-FTPD) is a highly modified (and significantly larger) version of FTPD that adds extra logging, limited remote command support, and other features to the standard BSD version of FTPD. The additional code adds greatly to the complexity, and multiple significant software bugs have been found in it.

The problem

There is a race condition in the code, as well as a bug in the SITE EXEC command, that allows anyone (remote or local) to gain root access on a host running a vulnerable FTPD daemon. Support for anonymous FTP is not required to exploit this vulnerability.

Fix

See also