A remote overflow exists in wu-ftpd. A SockPrintf call in ftpd.c fails to properly check bounds on a pathname when wu-ftpd is compiled with MAIL_ADMIN enabled resulting in a buffer overflow. With a specially crafted request, an attacker can possibly execute arbitrary code as the user wu-ftpd runs as (usually root) resulting in a loss of integrity, and/or availability.

It should be noted that this vulnerability may not be exploitable on most systems. It relies on creating a very long file name (greater than 32778 bytes), but on many systems, it is not possible to create a file name that long.

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): do not compile wu-ftpd with MAIL_ADMIN defined/enabled (by default, MAIL_ADMIN is not defined).

• Security Tracker: 1007775
• ISS X-Force ID: 13269
• CVE ID: 2003-1327 (see also: NVD)
• SCIP VulDB ID: 298
• Bugtraq ID: 8668
• Secunia Advisory ID: 9835
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html
• Other Advisory URL: http://www.slackware.org/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.365971

• Adam Zabrocki - pi3ki31nywp.pl - Personal Page