MIT Kerberos Development Team Information for VU#29823
Format string input validation error in wu-ftpd site_exec() function
Unknown. If you are the vendor named above, please contact us to update your status.
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
It seems that the MIT Kerberos ftpd is based on BSD ftpd revision 5.40, and has never contained any serious format string related bugs for some reason. It is possible that by defining an undocumented CPP macro SETPROCTITLE, calls to setproctitle() can be made, however, there is an internally declared setproctitle() function that does not take a format string as its argument, and is hence not vulnerable.
If you have feedback, comments, or additional information about this vulnerability, please send us email.