WU-FTPD ABOR Privilege Escalation

1997-01-04T12:30:21
ID OSVDB:8718
Type osvdb
Reporter David Greenman (dg@root.com)
Modified 1997-01-04T12:30:21

Description

Vulnerability Description

wu-ftpd contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when an FTP client is transferring a file, then closes the connection and sends an ABOR command. This causes the server to execute the dologout() function, allowing the user to gain root privileges. This flaw may lead to a loss of confidentiality and/or integrity.

Solution Description

Upgrade to version 2.4.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1997_1/0014.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1997_1/0007.html
ISS X-Force ID: 7169
CVE-1999-1326