• info
• discussion
• exploit
• solution
• references

Wu-Ftpd Debug Mode Client Hostname Format String Vulnerability

Solution:
Debian has released both upgraded packages and diff files that fix this vulnerability.

Washington University has released a patch that will fix this vulnerability.

HP has released a revised advisory (HPSBUX0201-180 - rev.2) to address this issue. Please see the referenced advisory for more information.


Washington University wu-ftpd 2.6 .0

• Debian 2.2 i386 wu-ftpd_2.6.0-5.2.1_i386.deb
  http://security.debian.org/dists/stable/updates/main/binary-i386/wu-ft pd_2.6.0-5.2.1_i386.deb


• HP WU-FTPD 2.6.1
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=WUFTPD26


• Washington University missing_format_strings.patch
  ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_6.0.1/missing_forma t_strings.patch

Washington University wu-ftpd 2.6.1

• Washington University missing_format_strings.patch
  ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_6.0.1/missing_forma t_strings.patch