Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow malicious users to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 up to and including 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wuftpd wu-ftpd |
||
redhat wu ftpd 2.6.1-16 |
||
apple mac os x server 10.2.6 |
||
apple mac os x 10.2.6 |
||
sun solaris 9.0 |
||
freebsd freebsd |
||
netbsd netbsd |
||
openbsd openbsd |