Description
Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.
Products
- Washington University WU-FTPD 2.4.1
- Washington University WU-FTPD 2.4.2 Beta 18 Academ
- Washington University WU-FTPD 2.4.2 Beta 18 VR10
- Washington University WU-FTPD 2.4.2 Beta 18 VR11
- Washington University WU-FTPD 2.4.2 Beta 18 VR12
- Washington University WU-FTPD 2.4.2 Beta 18 VR13
- Washington University WU-FTPD 2.4.2 Beta 18 VR14
- Washington University WU-FTPD 2.4.2 Beta 18 VR15
- Washington University WU-FTPD 2.4.2 Beta 18 VR4
- Washington University WU-FTPD 2.4.2 Beta 18 VR5
- Washington University WU-FTPD 2.4.2 Beta18 VR6
- Washington University WU-FTPD 2.4.2 Beta18 VR7
- Washington University WU-FTPD 2.4.2 Beta18 VR8
- Washington University WU-FTPD 2.4.2 Beta18 VR9
- Washington University WU-FTPD 2.4.2 Beta 9 Academ
- Washington University WU-FTPD 2.4.2 VR16
- Washington University WU-FTPD 2.4.2 VR17
- Washington University WU-FTPD 2.5
- Washington University WU-FTPD 2.6
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2001-0187, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2001-0187 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References