dcsimg
Linux Today: Linux News On Internet Time.





wu-ftpd contains exploitable vulnerability

Mar 23, 1999, 12:28 (2 Talkback[s])

Pieter Nieuwenhuijsen has posted a vulnerability to BUGTRAQ that exploits a security bug in the wu-ftpd [beta-18] that is shipped with Red Hat Linux 5.2, and possibly ot her distributions.

Here is the comment section at the beginning of "duke"'s exploit:

THIS IS PRIVATE! DO NOT DISTRIBUTE!!!!   PRIVATE!

WU-FTPD REMOTE EXPLOIT Version wu-2.4.2-academ[BETA-18](1)
for linux x86 (redhat 5.2)

by duke
duke@viper.net.au

BIG thanks to stran9er for alot of help with part of the shellcode!
i fear stran9er, but who doesn't? !@$ :)

Greets to: #!ADM, el8.org users,

To exploit this remotely they need to have a directory you can 
have write privlidges to.. this is the <dir> argument.. you can
also use this locally by specifying -l <ur login> -p <urpass> with the
<dir> = your home directory or something..(must begin with '/')
also alignment arg is how return address  is aligned.. shouldnt need it,
but if u do it should be between 0 and 3 

It takes about 10 seconds after "logged in" so be patient.
-duke

Per his request, we will not distribute the exploit here on Linux Today. Please take appropriate security measures at your site.