CVE-2003-0466

Name of the Vulnerable Software and Affected Versions wu-ftpd versions 2.5.0 through 2.6.2

Description The issue is related to an off-by-one error in the fb realpath() function, which may allow attackers to execute arbitrary code. This can be triggered by commands that cause pathnames of length MAXPATHLEN+1 to cause a buffer overflow, including commands such as STOR, RETR, APPE, DELE, MKD, RMD, STOU, or RNTO. The vulnerability can be exploited remotely and may lead to a violation of confidentiality, integrity, and availability of protected information.

Recommendations For wu-ftpd versions 2.5.0 through 2.6.2, consider disabling the fb realpath() function or restricting access to the affected commands until a patch is available. Additionally, restrict access to the vulnerable module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.