WU-FTPD QUOTE PASV Forced Core Dump Information Disclosure
Remote / Network Access
Loss of Confidentiality,
Loss of Availability
A remote overflow exists in WU-FTPD. WU-FTP fails to handle QUOTE PASV requests for logged in users, resulting in a memory overflow. With a specially crafted request, an attacker can cause the daemon to dump core and die. The core file will contain the usernames and password of all users on the system. These endstates are a loss of confidentiality, and availability.
Upgrade to version 2.6.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.