Summary
WarFTPd is prone to multiple remote format-string vulnerabilities because the application fails to sanitize user-supplied input before passing it to a formatted-output function.
An attacker can exploit these issues to crash the server and possibly to execute arbitrary code within the context of the server, but this has not been confirmed.
WarFTPd 1.82.00-RC11 is reported vulnerable
prior versions may be
vulnerable as well.
Solution
Updates are available. Please see the references for details.
References
Severity
Classification
-
CVE CVE-2006-5789 -
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:N/I:N/A:P
Related Vulnerabilities