WU-FTPD Development Group Information for VU#639760

WU-FTPD configured to use RFC 931 authentication running in debug mode contains format string vulnerability

Status

Affected

Vendor Statement

WU-FTPD has released a patch in July 2000 that addresses this issue in WU-FTPD 2.6.1:

ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.1/missing_format_strings.patch
WU-FTPD 2.6.2 is available and addresses this issue:
ftp://ftp.wu-ftpd.org/pub/wu-ftpd/

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.