Wu-Ftpd Debug Mode Client Hostname Format String Vulnerability

Wu-ftpd is a widely used unix ftp server. It contains a format string vulnerability that may be exploitable under certain (perhaps 'extreme') circumstances.

When running in debug mode, Wu-ftpd logs user activity to syslog in an insecure manner. An attacker with control over the server's hostname resolving facility could exploit this vulnerability to get root access remotely on the victim host.


 

Privacy Statement
Copyright 2010, SecurityFocus