FTP: Command "site exec"
This signature detects attempts to exploit a configuration vulnerability in wuFTPd. Version 2.4.1 is susceptible. pathnames.h sets _PATH_EXECPATH to /bin, which is relative to ~ftp for anonymous users, but relative to / for users with accounts (specifying the actual /bin rather than ~ftp/bin). Attackers can establish an FTP account on the system and run the site exec command to gain access to the /bin directory.
Extended Description
Due to a misconfiguration in the configuration file pathnames.h, some distributed binaries of wuftp version 2.4.1 and earlier allow an attacker with an FTP account on the system to gain root access. This is accomplished by running the "site exec" command. The problem lies in the fact that pathnames.h erroneously set _PATH_EXECPATH to /bin - this pathname is relative to ~ftp for anonymous users, but for users with accounts it is relative to / and therefore specifies the real /bin rather than ~ftp/bin. If SITE EXEC is enabled, the user can gain root access by running a shell or other command using site exec.
Affected Products
Washington_university wu-ftpd
Short Name
FTP:COMMAND:SITE-EXEC
Severity
Minor
Recommended
False
Recommended Action
None
Category
FTP
Keywords
"site CVE-1999-0080 Command bid:2241 exec"
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Washington_university
CVSS Score
10.0