Bugtraq mailing list archives
Re: Possible WU-ftpd Worm ?
From: lundberg () WU-FTPD ORG (Gregory A Lundberg)
Date: Wed, 14 Apr 1999 13:51:46 -0400
On Wed, 14 Apr 1999, Stu Alchor wrote:
As I've run the old ftp exploit I found in the bugtraq and they didn't work so I thought we were not vulnerable. I will attach the core of the ftp worm (SDI-wu.c), the exploit for the vulnerability, which, btw, worked in my host.
strcpy ( tmp, "MKD "); strcat ( tmp, buff); strcat ( tmp, "\n");
This is the realpath() overflow discussed in http://www.cert.org/advisories/CA-99-03-FTP-Buffer-Overflows.html Please review that document to determine if your version of the WU-FTPD daemon is vulnerable. The addition of a backdoor (if true) is new, however. Anyone wishing to discuss this matter may contact me through either of the WU-FTPD discussion lists cc'd above or through private email. The location of the latest version of wu-ftpd can be found in the directory ftp://ftp.vr.net/pub/wu-ftpd/ wu-ftpd Resource Center: http://www.landfield.com/wu-ftpd/ wu-ftpd FAQ: http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html wu-ftpd list archive: http://www.landfield.com/wu-ftpd/mail-archive/ -- Gregory A Lundberg 1441 Elmdale Drive lundberg () wu-ftpd org Kettering, OH 45409-1615 USA 1-888-977-5370
Current thread:
- Re: ARP problem in Windows9X/NT, (continued)
- Re: ARP problem in Windows9X/NT kay (Apr 13)
- Serious security holes in web anonimyzing services Patrick Oonk (Apr 13)
- Re: Serious security holes in web anonimyzing services Jeremey Barrett (Apr 13)
- Re: ARP problem in Windows9X/NT route () RESENTMENT INFONEXUS COM (Apr 13)
- Re: ARP problem in Windows9X/NT gandalf () POBOX COM (Apr 13)
- Re: ARP problem in Windows9X/NT route () RESENTMENT INFONEXUS COM (Apr 13)
- Re: ARP problem in Windows9X/NT Alan DeKok (Apr 13)
- Re: ARP problem in Windows9X/NT Joseph Gooch (Apr 14)
- Re: ARP problem in Windows9X/NT gandalf () POBOX COM (Apr 15)
- Possible WU-ftpd Worm ? Stu Alchor (Apr 13)
- Re: Possible WU-ftpd Worm ? Gregory A Lundberg (Apr 14)
- Re: Possible WU-ftpd Worm ? Gregory Newby (Apr 14)
- Re: Possible WU-ftpd Worm ? M.Brands (Apr 14)
- Real Media Server stores passwords in plain text Francisco M. Marzoa Alonso (Apr 14)
- Announce: Secure UNIX Programming FAQ Thamer Al-Herbish (Apr 13)
- Bugs in anonymity services Avi Rubin (Apr 13)