7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.5 High
AI Score
Confidence
High
0.961 High
EPSS
Percentile
99.5%
The remote host is missing an update to wu-ftpd
announced via advisory DSA 087-1.
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.53827");
script_cve_id("CVE-2001-0550");
script_version("2023-07-19T05:05:15+0000");
script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
script_tag(name:"creation_date", value:"2008-01-17 14:24:38 +0100 (Thu, 17 Jan 2008)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("Debian Security Advisory DSA 087-1 (wu-ftpd)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 E-Soft Inc.");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB2\.2");
script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20087-1");
script_tag(name:"insight", value:"CORE ST reports that an exploit has been found for a bug in the wu-ftpd
glob code (this is the code that handles filename wildcard expansion).
Any logged in user (including anonymous ftp users) can exploit the bug
to gain root privilege on the server.
This has been corrected in version 2.6.0-6 of the wu-ftpd package.");
script_tag(name:"summary", value:"The remote host is missing an update to wu-ftpd
announced via advisory DSA 087-1.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
res = "";
report = "";
if((res = isdpkgvuln(pkg:"wu-ftpd-academ", ver:"2.6.0-6", rls:"DEB2.2")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"wu-ftpd", ver:"2.6.0-6", rls:"DEB2.2")) != NULL) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}