Palmetto

HIGH (10.0) No Patch (9807 days)
buffer-overflowftpdlow-complexity-exploitproftpdremote-root-accesswuarchive

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 48.33% chance of exploitation (percentile: 98%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: Exploit-DB

How we test →

What is it?

The wuarchive ftpd and ProFTPD are FTP servers used to transfer files over the internet. A buffer overflow vulnerability in these servers allows an attacker to execute arbitrary code on the server by sending a malicious string that gets logged, potentially leading to remote root access.

Am I affected?

You're affected if you use wuarchive ftpd or ProFTPD versions 2.17 and earlier. To check if you're running one of these servers, run ftp -inv (for wuarchive ftpd) or proftpd -V (for ProFTPD).

Note: This is a niche software, so if you don't recognize the name, you're probably not affected. However, if your organization uses FTP servers for file transfers, it's essential to investigate further.

Affected Products

IBM / wuarchive ftpd

How to fix

  1. Upgrade to wuarchive ftpd version 2.18 or ProFTPD version 1.3.33.
  2. For wuarchive ftpd: Download the patch from IBM's website.
  3. For ProFTPD: Download the patch from ProFTPD's website.

Immediate mitigations:
- Disable FTP access to your server (firewall it from the public internet)
- Audit log files for suspicious activity patterns
- Monitor for unauthorized login attempts

References