Family: Debian Local Security Checks --> Category: infos
[DSA457] DSA-457-1 wu-ftpd Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Two vulnerabilities were discovered in wu-ftpd:
Glenn Stewart discovered that users could bypass the
directory access restrictions imposed by the restricted-gid option by
changing the permissions on their home directory. On a subsequent
login, when access to the user's home directory was denied, wu-ftpd
would fall back to the root directory.
A buffer overflow existed in wu-ftpd's code which
deals with S/key authentication.
For the stable distribution (woody) these problems have been fixed in
For the unstable distribution (sid) these problems have been fixed in
We recommend that you update your wu-ftpd package.
Solution : http://www.debian.org/security/2004/dsa-457
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.