Lucene search
Copyright (C) 2008 E-Soft Inc.OPENVAS:136141256231053827HistoryJan 17, 2008 - 12:00 a.m.
Debian Security Advisory DSA 087-1 (wu-ftpd)
2008-01-1700:00:00
Copyright (C) 2008 E-Soft Inc.
plugins.openvas.org
3
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.5 High
AI Score
Confidence
High
0.961 High
EPSS
Percentile
99.5%
The remote host is missing an update to wu-ftpd
announced via advisory DSA 087-1.
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.53827");
script_cve_id("CVE-2001-0550");
script_version("2023-07-19T05:05:15+0000");
script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
script_tag(name:"creation_date", value:"2008-01-17 14:24:38 +0100 (Thu, 17 Jan 2008)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("Debian Security Advisory DSA 087-1 (wu-ftpd)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 E-Soft Inc.");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB2\.2");
script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20087-1");
script_tag(name:"insight", value:"CORE ST reports that an exploit has been found for a bug in the wu-ftpd
glob code (this is the code that handles filename wildcard expansion).
Any logged in user (including anonymous ftp users) can exploit the bug
to gain root privilege on the server.
This has been corrected in version 2.6.0-6 of the wu-ftpd package.");
script_tag(name:"summary", value:"The remote host is missing an update to wu-ftpd
announced via advisory DSA 087-1.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
res = "";
report = "";
if((res = isdpkgvuln(pkg:"wu-ftpd-academ", ver:"2.6.0-6", rls:"DEB2.2")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"wu-ftpd", ver:"2.6.0-6", rls:"DEB2.2")) != NULL) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
Related
nvd
nvd
CVE-2001-0550
2001-11-30 05:00:00
CVE-2001-0935
2001-11-28 05:00:00
cvelist
cvelist
CVE-2001-0550
2002-06-25 04:00:00
CVE-2001-0935
2002-02-02 05:00:00
nessus
nessus
Mandrake Linux Security Advisory : wu-ftpd (MDKSA-2001:090)
2004-07-31 00:00:00
Debian DSA-087-1 : wu-ftpd - remote root exploit
2004-09-29 00:00:00
Multiple FTPD glob Command Arbitrary Command Execution
2001-12-06 00:00:00
openvas
openvas
Debian Security Advisory DSA 087-1 (wu-ftpd)
2008-01-17 00:00:00
FTPD glob Heap Corruption
2005-11-03 00:00:00
FTPD glob Heap Corruption
2005-11-03 00:00:00
cert
cert
WU-FTPD does not properly handle file name globbing
2001-11-28 00:00:00
cve
cve
CVE-2001-0550
2002-06-25 04:00:00
CVE-2001-0935
2002-02-02 05:00:00
securityvulns
securityvulns
ISS Security Alert: WU-FTPD Heap Corruption Vulnerability
2001-11-30 00:00:00
Advisory CA-2001-33 Multiple Vulnerabilities in WU-FTPD
2001-11-30 00:00:00
canvas
canvas
Immunity Canvas: WUGLOB
2001-11-30 05:00:00
suse
suse
remote root compromise in wuftpd
2001-11-28 22:54:50
redhatcve
redhatcve
CVE-2001-0935
2015-10-30 09:55:12
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.5 High
AI Score
Confidence
High
0.961 High
EPSS
Percentile
99.5%
Related for OPENVAS:136141256231053827