The WFTPD FTP server is a widely used open-source FTP server software. This vulnerability allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
The WFTPD FTP server is a widely used open-source FTP server software. This vulnerability allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
This is the WFTPD FTP server, NOT vsftpd or other similar FTP servers. You're affected if you use WFTPD versions 2.0.5 through 3.0.3.
Check with: find / -name "wftp*.so" 2>/dev/null
Version info not stated in advisory.
Upgrade to WFTPD version 3.0.4 or later from the official website (https://sourceware.org/wftp/).
- Apply patch wftpd-3.0.4.patch (available on SourceForge) using patch -p1 < wftpd-3.0.4.patch.