J-Security Center

Title: Wu-Ftpd Debug Mode Client Hostname Format String Vulnerability

Severity: HIGH

Description:

Wu-ftpd is a widely used unix ftp server. It contains a format string vulnerability that may be exploitable under certain (perhaps even 'extreme') circumstances.

If wu-ftpd is running in debug mode (ie, started by inetd with the -d or -v flag) it may be possible for an attacker to exploit a format string attack. When in debug mode, Wu-ftpd logs user commands and server responses via syslog() with 'DEBUG' designation. When a passive file transfer is initiated by the user (real or anonymous), this message is written to syslog:

PASV port X assigned to HOSTNAME

This string containing this message is constructed before the call to syslog(). The value of HOSTNAME within the string is resolved by the server.

This string is then passed to syslog as its format string argument. As a result, any format specifiers that are within the string will be interpreted and acted upon. This could be exploited in the typical manner format string vulnerabilities are exploited.

It is not known if any distributions of Wu-ftpd or distributions of software including Wu-ftpd ship with debug mode on by default.

Affected Products:

  • Caldera OpenLinux 2.3.0
  • Caldera OpenLinux 2.4.0
  • Caldera OpenLinux Desktop 2.3.0
  • Caldera OpenLinux Server 3.1.0
  • Caldera OpenLinux Standard 1.2.0
  • Cobalt Qube 1.0.0
  • Conectiva Linux 4.0.0
  • Conectiva Linux 4.0.0 es
  • Conectiva Linux 4.1.0
  • Conectiva Linux 4.2.0
  • Conectiva Linux 5.0.0
  • Conectiva Linux 5.1.0
  • Conectiva Linux 6.0.0
  • Conectiva Linux 7.0.0
  • Conectiva Linux 8.0.0
  • Debian Linux 2.2.0
  • Debian Linux 2.2.0 68k
  • Debian Linux 2.2.0 alpha
  • Debian Linux 2.2.0 arm
  • Debian Linux 2.2.0 powerpc
  • Debian Linux 2.2.0 sparc
  • HP HP-UX 11.0.0
  • HP HP-UX 11.11.0
  • MandrakeSoft Corporate Server 1.0.1
  • MandrakeSoft Linux Mandrake 6.0.0
  • MandrakeSoft Linux Mandrake 6.1.0
  • MandrakeSoft Linux Mandrake 7.0.0
  • MandrakeSoft Linux Mandrake 7.1.0
  • MandrakeSoft Linux Mandrake 7.2.0
  • MandrakeSoft Linux Mandrake 8.0.0
  • MandrakeSoft Linux Mandrake 8.0.0 ppc
  • MandrakeSoft Linux Mandrake 8.1.0
  • RedHat Linux 5.2.0 alpha
  • RedHat Linux 5.2.0 i386
  • RedHat Linux 5.2.0 sparc
  • RedHat Linux 6.0.0
  • RedHat Linux 6.0.0 alpha
  • RedHat Linux 6.0.0 sparc
  • RedHat Linux 6.1.0 alpha
  • RedHat Linux 6.1.0 i386
  • RedHat Linux 6.1.0 sparc
  • RedHat Linux 6.2.0 alpha
  • RedHat Linux 6.2.0 i386
  • RedHat Linux 6.2.0 sparc
  • RedHat Linux 7.0.0 alpha
  • RedHat Linux 7.0.0 i386
  • RedHat Linux 7.0.0 sparc
  • RedHat Linux 7.1.0 alpha
  • RedHat Linux 7.1.0 i386
  • RedHat Linux 7.1.0 i586
  • RedHat Linux 7.1.0 i686
  • RedHat Linux 7.1.0 ia64
  • RedHat Linux 7.1.0 noarch
  • RedHat Linux 7.2.0 alpha
  • RedHat Linux 7.2.0 athlon
  • RedHat Linux 7.2.0 i386
  • RedHat Linux 7.2.0 i586
  • RedHat Linux 7.2.0 i686
  • RedHat Linux 7.2.0 ia64
  • RedHat Linux 7.2.0 noarch
  • S.u.S.E. Linux 6.1.0
  • S.u.S.E. Linux 6.1.0 alpha
  • S.u.S.E. Linux 6.2.0
  • S.u.S.E. Linux 6.3.0
  • S.u.S.E. Linux 6.3.0 alpha
  • S.u.S.E. Linux 6.3.0 ppc
  • S.u.S.E. Linux 6.4.0
  • S.u.S.E. Linux 6.4.0 alpha
  • S.u.S.E. Linux 6.4.0 ppc
  • S.u.S.E. Linux 7.0.0 alpha
  • S.u.S.E. Linux 7.0.0 i386
  • S.u.S.E. Linux 7.0.0 ppc
  • S.u.S.E. Linux 7.0.0 sparc
  • S.u.S.E. Linux 7.1.0 alpha
  • S.u.S.E. Linux 7.1.0 ppc
  • S.u.S.E. Linux 7.1.0 sparc
  • S.u.S.E. Linux 7.1.0 x86
  • S.u.S.E. Linux 7.2.0 i386
  • S.u.S.E. Linux 7.3.0 i386
  • S.u.S.E. Linux 7.3.0 ppc
  • S.u.S.E. Linux 7.3.0 sparc
  • SCO Open Server 5.0.0
  • SCO Open Server 5.0.1
  • SCO Open Server 5.0.2
  • SCO Open Server 5.0.3
  • SCO Open Server 5.0.4
  • SCO Open Server 5.0.5
  • SCO Open Server 5.0.6
  • SCO Open Server 5.0.6 a
  • SCO eDesktop 2.4.0
  • SCO eServer 2.3.0
  • SCO eServer 2.3.1
  • Turbolinux Turbolinux 4.0.0
  • Turbolinux Turbolinux 6.0.0
  • Turbolinux Turbolinux 6.0.1
  • Turbolinux Turbolinux 6.0.2
  • Turbolinux Turbolinux 6.0.3
  • Turbolinux Turbolinux 6.0.4
  • Turbolinux Turbolinux 6.0.5
  • Turbolinux Turbolinux Workstation 6.1.0
  • Washington University wu-ftpd 2.4.1
  • Washington University wu-ftpd 2.4.2 (beta 18) VR10
  • Washington University wu-ftpd 2.4.2 (beta 18) VR11
  • Washington University wu-ftpd 2.4.2 (beta 18) VR12
  • Washington University wu-ftpd 2.4.2 (beta 18) VR13
  • Washington University wu-ftpd 2.4.2 (beta 18) VR14
  • Washington University wu-ftpd 2.4.2 (beta 18) VR15
  • Washington University wu-ftpd 2.4.2 (beta 18) VR4
  • Washington University wu-ftpd 2.4.2 (beta 18) VR5
  • Washington University wu-ftpd 2.4.2 (beta 18) VR6
  • Washington University wu-ftpd 2.4.2 (beta 18) VR7
  • Washington University wu-ftpd 2.4.2 (beta 18) VR8
  • Washington University wu-ftpd 2.4.2 (beta 18) VR9
  • Washington University wu-ftpd 2.4.2 VR16
  • Washington University wu-ftpd 2.4.2 VR17
  • Washington University wu-ftpd 2.4.2 academ[BETA-18]
  • Washington University wu-ftpd 2.4.2 academ[BETA1-15]
  • Washington University wu-ftpd 2.5.0 .0
  • Washington University wu-ftpd 2.6.0 .0
  • Washington University wu-ftpd 2.6.1
  • WireX Immunix OS 6.2.0
  • WireX Immunix OS 7+
  • WireX Immunix OS 7.0.0
  • WireX Immunix OS 7.0.0 -Beta

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.