Vulnerability: Washington University FTP daemon (WU-FTPD)
- 30 November, 2001 11:47
Internet Security Systems has issued a report detailing a proof of concept exploit for a vulnerability in Washington University's FTP daemon (WU-FTPD).
The WU-FTPD daemon allows users to transfer files to and from the system running the service, using the File Transport Protocol (FTP). Many popular Linux distributions are shipped with WU-FTPD running by default.
A vulnerability exists that may allow attackers to execute arbitrary code with the privileges of the FTP daemon (most often root), resulting in a complete system compromise.
For full information of which Linux distributions and versions are affected, go to: http://xforce.iss.net/static/7611.phpMore information can also be found at http://www.cert.org/advisories/CA-2001-33.html