Wzdftpd.SITE.Arbitrary.Command.Execution
Description
Indicates an attacker tried to issue unauthorized commands by exploiting a vulnerability in Wxdftpd. Wzdftpd is a ftp server designed to be modular, work under linux/win32/freebsd/openbsd, and to be entirely configurable online using SITE commands. Wzdftpd contains a vulnerability which allows unauthorized users to issue arbitrary commands using the "|" or ";" characters that could allow malicious attackers access to the system.
Affected Products
wzdftpd 0.5.4 and earlier.
Impact
Issue arbitrary commands against the service potentially leading to the compromise of the system.
Recommended Actions
Update to wzdftp version 0.5.5 or newer.
http://www.wzdftpd.net
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |