FTP Site Exec contents.gifindex.gif

FTP Site Exec

In older versions of wu-FTP daemon, site exec allowed root access remotely without anonymous FTP or a regular account to exploit. This scanner probe tests whether or not an intruder can gain instant access to the machine. Anyone can execute a shell through the ftp port as root.

Risk: High

Fix: Upgrade to wu-FTP daemon version 2.4 or higher at Wuarchive-ftpd

Advisories: CA-93:06.wuarchive.ftpd.vulnerability, CA-94:07.wuarchive.ftpd.trojan.horse, CA-94:08.ftpd.vulnerabilities, CA-95:16.wu-ftpd.vul