WU-FTPD rnfr File Overwrite

1999-08-27T00:00:00
ID OSVDB:8717
Type osvdb
Reporter OSVDB
Modified 1999-08-27T00:00:00

Description

Vulnerability Description

wu-ftpd contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when an attacker sends a specially formed rnfr command. It is possible that the flaw may allow the attacker to overwrite any file on the system as root resulting in a loss of integrity.

Solution Description

Upgrade to version 2.4.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

wu-ftpd contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when an attacker sends a specially formed rnfr command. It is possible that the flaw may allow the attacker to overwrite any file on the system as root resulting in a loss of integrity.

References:

Vendor URL: http://www.wu-ftpd.org/ Snort Signature ID: 1622 ISS X-Force ID: 324 CVE-1999-0081