Janusz Niewiadomski

**Name of the Vulnerable Software and Affected Versions** wu-ftpd versions 2.5.0 through 2.6.2 **Description** The issue is related to an off-by-one error in the `fb realpath()` function, which may allow attackers to execute arbitrary code. This can be triggered by commands that cause pathnames of length `MAXPATHLEN+1` to cause a buffer overflow, including commands such as `STOR`, `RETR`, `APPE`, `DELE`, `MKD`, `RMD`, `STOU`, or `RNTO`. The vulnerability can be exploited remotely and may lead to a violation of confidentiality, integrity, and availability of protected information. **Recommendations** For wu-ftpd versions 2.5.0 through 2.6.2, consider disabling the `fb realpath()` function or restricting access to the affected commands until a patch is available. Additionally, restrict access to the vulnerable module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** nfs-utils versions prior to 1.0.4 **Description** The issue is caused by an off-by-one error in the `xlog` function of `mountd` in the Linux NFS utils package. This error allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to `mountd` that do not contain newlines. The vulnerability can be exploited remotely, potentially leading to a disruption of confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 1.0.4, update to version 1.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `mountd` service to minimize the risk of exploitation.