Linux Today: Linux News On Internet Time.

wu-ftpd contains exploitable vulnerability

Mar 23, 1999, 12:28 (2 Talkback[s])

Pieter Nieuwenhuijsen has posted a vulnerability to BUGTRAQ that exploits a security bug in the wu-ftpd [beta-18] that is shipped with Red Hat Linux 5.2, and possibly ot her distributions.

Here is the comment section at the beginning of "duke"'s exploit:


WU-FTPD REMOTE EXPLOIT Version wu-2.4.2-academ[BETA-18](1)
for linux x86 (redhat 5.2)

by duke

BIG thanks to stran9er for alot of help with part of the shellcode!
i fear stran9er, but who doesn't? !@$ :)

Greets to: #!ADM, el8.org users,

To exploit this remotely they need to have a directory you can 
have write privlidges to.. this is the <dir> argument.. you can
also use this locally by specifying -l <ur login> -p <urpass> with the
<dir> = your home directory or something..(must begin with '/')
also alignment arg is how return address  is aligned.. shouldnt need it,
but if u do it should be between 0 and 3 

It takes about 10 seconds after "logged in" so be patient.

Per his request, we will not distribute the exploit here on Linux Today. Please take appropriate security measures at your site.