CVE-2005-3081

Published: 27/09/2005 Updated: 05/09/2008
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 470
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the SITE command.

Vulnerable Product

wzdftpd wzdftpd 0.5.4

Vendor Advisories

"kcope" discovered that the wzdftpd FTP server lacks input sanitising for the SITE command, which may lead to the execution of arbitrary shell commands. The old stable distribution (woody) does not contain wzdftpd packages. For the stable distribution (sarge) this problem has been fixed in version 052-11sarge1. For the unstable distribution (sid ...

Exploits

    # Reference: www.milw0rm.com/id.php?id=1231 (www.exploit-db.com/exploits/1231/) (kcope) /str0ke
    #
    # Metasploit plugin for: Wzdftpd SITE Command Arbitrary Command Execution
    # 2005 11 26 - David Maciejak
    #
    package Msf::Exploit::wzdftpd_site;
    use base "Msf::Exploit";
    use strict;
    use Pex::Text;
    my $advanced = { };
    my $info = { 'Nam ...
    ######################################################
    # 0day0day0day0day0day0day0day
    # -------------------------------
    # wzdftpd remote exploit by kcope
    # nice call to popen(3) on custom
    # site commands
    #
    # August 2005
    # confidential! keep private!
    # -------------------------------
    # 0day0day0day0day0day0day0day
    #
    # ___ ___ ...