Washington University: >> Wu-Ftpd >> 2.4.2_beta18 Security Vulnerabilities
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
CVSS Score
7.2
EPSS Score
0.0
Published
2004-04-15
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
CVSS Score
5.0
EPSS Score
0.024
Published
2003-11-17
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
CVSS Score
2.1
EPSS Score
0.002
Published
2003-11-17
Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.
CVSS Score
10.0
EPSS Score
0.068
Published
2001-03-26
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.
CVSS Score
5.0
EPSS Score
0.127
Published
2000-07-07
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
CVSS Score
10.0
EPSS Score
0.483
Published
1999-02-09