WU-FTPD Vulnerability


Summary

Root access via the wuarchive FTPD server.

Impact

Unauthorized remote root access to system.

Background

The wuarchive FTPD daemon (or WU-FTPD) is a highly modified (and significantly larger) version of FTPD that provides extra logging, limited remote command support, and other features to the standard BSD version of FTPD. The additional code adds greatly to the complexity, and multiple significant software bugs have been found in it.

The problem

There is a race condition in the code, as well as a bug in the SITE EXEC command, that allows anyone (remote or local) root access on a host running a vulnerable FTPD daemon. Support for anonymous FTP is not required to exploit this vulnerability.

Fix

See also