Pieter Nieuwenhuijsen has
posted a vulnerability to BUGTRAQ that exploits a security bug in
the wu-ftpd [beta-18] that is shipped with Red Hat Linux 5.2, and
possibly ot her distributions.
Here is the comment section at the beginning of "duke"'s exploit:
THIS IS PRIVATE! DO NOT DISTRIBUTE!!!! PRIVATE!
WU-FTPD REMOTE EXPLOIT Version wu-2.4.2-academ[BETA-18](1)
for linux x86 (redhat 5.2)
BIG thanks to stran9er for alot of help with part of the shellcode!
i fear stran9er, but who doesn't? !@$ :)
Greets to: #!ADM, el8.org users,
To exploit this remotely they need to have a directory you can
have write privlidges to.. this is the <dir> argument.. you can
also use this locally by specifying -l <ur login> -p <urpass> with the
<dir> = your home directory or something..(must begin with '/')
also alignment arg is how return address is aligned.. shouldnt need it,
but if u do it should be between 0 and 3
It takes about 10 seconds after "logged in" so be patient.
Per his request, we will not distribute the exploit here on
Linux Today. Please take appropriate security measures at your