Vulnerability Name:

CVE-2004-0185 (CCN-13518)

Assigned:2003-10-26
Published:2003-10-26
Updated:2017-10-10
Summary:Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CONFIRM
Type: Patch
ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch

Source: MITRE
Type: CNA
CVE-2004-0185

Source: CCN
Type: RHSA-2004-096
wu-ftpd security update

Source: MISC
Type: UNKNOWN
http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt

Source: CCN
Type: CIAC Information Bulletin 0-119
HP Tru64 UNIX WU-FTPD Security Vulnerabilities

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-457

Source: DEBIAN
Type: DSA-457
wu-ftpd -- several vulnerabilities

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:096

Source: CCN
Type: SecuriTeam Mailing List, UNIX focus 26 Oct 2003
Wu-FTPd SKEY Stack Overflow Vulnerability

Source: MISC
Type: Exploit, Patch, Vendor Advisory
http://www.securiteam.com/unixfocus/6X00Q1P8KC.html

Source: BID
Type: UNKNOWN
8893

Source: CCN
Type: BID-8893
Wu-Ftpd S/Key Remote Buffer Overrun Vulnerability

Source: CCN
Type: TLSA-2004-8
Multiple vulnerabilities in wu-ftpd

Source: XF
Type: UNKNOWN
wuftpd-skey-bo(13518)

Source: XF
Type: UNKNOWN
wuftpd-skey-bo(13518)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*
  • AND
  • cpe:/o:compaq:tru64:5.1a:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:6.0:*:*:*:workstation:*:*:*
  • OR cpe:/o:compaq:tru64:5.1b:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.debian:def:457
    V
    		several vulnerabilities
    2004-03-08
    BACK
    washington_university wu-ftpd 2.6.2
    washington_university wu-ftpd 2.6.2
    compaq tru64 5.1a
    debian debian linux 3.0
    turbolinux turbolinux server 6.1
    turbolinux turbolinux workstation 6.0
    compaq tru64 5.1b
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat linux advanced workstation 2.1