Vulnerability: Washington University FTP daemon (WU-FTPD)

Internet Security Systems has issued a report detailing a proof of concept exploit for a vulnerability in Washington University's FTP daemon (WU-FTPD).

The WU-FTPD daemon allows users to transfer files to and from the system running the service, using the File Transport Protocol (FTP). Many popular Linux distributions are shipped with WU-FTPD running by default.

A vulnerability exists that may allow attackers to execute arbitrary code with the privileges of the FTP daemon (most often root), resulting in a complete system compromise.

For full information of which Linux distributions and versions are affected, go to: http://xforce.iss.net/static/7611.phpMore information can also be found at http://www.cert.org/advisories/CA-2001-33.html