- 论坛徽章:
- 0
|
请了第三方搞安全鉴定,其提出了一些安全隐患,不知道如何解决
环境:unixware713
4、WuftpMessageFileRoot: Wu-ftpd message file allows attackers to execute code as root (CVE-1999-0879)
Wu-ftpd macro variables in the message file allow local or remote attackers to overwrite the stack in the FTP daemon and execute code as root. This is caused by improper bounds checking during the expansion of macro variables in the message file.
5、WuftpSiteNewerDos: Wu-ftpd SITE NEWER denial of service (CVE-1999-0880)
Wu-ftpd SITE NEWER command consumes excessive amounts of memory that could lead to a denial of service attack. The SITE NEWER command is a feature specific to wu-ftpd designed to allow mirroring software to identify all files newer than a supplied date. Local and remote attackers could use the SITE NEWER command to perform a denial of service attack and execute arbitrary code with ftp user privileges, usually root. |
|
免费注册
发表于 2005-01-25 10:20