• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

wu-ftpd /bin SITE EXEC Misconfiguration Vulnerability

Due to a misconfiguration in the configuration file pathnames.h, some distributed binaries of wuftp version 2.4.1 and earlier allow an attacker with an FTP account on the system to gain root access. This is accomplished by running the "site exec" command. The problem lies in the fact that pathnames.h erroneously set _PATH_EXECPATH to /bin - this pathname is relative to ~ftp for anonymous users, but for users with accounts it is relative to / and therefore specifies the real /bin rather than ~ftp/bin. If SITE EXEC is enabled, the user can gain root access by running a shell or other command using site exec.