Pieter Nieuwenhuijsen has
posted a vulnerability to BUGTRAQ that exploits a security bug in
the wu-ftpd [beta-18] that is shipped with Red Hat Linux 5.2, and
possibly ot her distributions.
Here is the comment section at the beginning of “duke”‘s exploit:
THIS IS PRIVATE! DO NOT DISTRIBUTE!!!! PRIVATE! WU-FTPD REMOTE EXPLOIT Version wu-2.4.2-academ[BETA-18](1) for linux x86 (redhat 5.2) by duke duke@viper.net.au BIG thanks to stran9er for alot of help with part of the shellcode! i fear stran9er, but who doesn't? !@$ :) Greets to: #!ADM, el8.org users, To exploit this remotely they need to have a directory you can have write privlidges to.. this is the <dir> argument.. you can also use this locally by specifying -l <ur login> -p <urpass> with the <dir> = your home directory or something..(must begin with '/') also alignment arg is how return address is aligned.. shouldnt need it, but if u do it should be between 0 and 3 It takes about 10 seconds after "logged in" so be patient. -duke
Per his request, we will not distribute the exploit here on
Linux Today. Please take appropriate security measures at your
site.