Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Wu-ftpd | Washington_university | 2.4.2_beta18 | 2.4.2_beta18 |
| Wu-ftpd | Washington_university | 2.4.2_beta18_vr14 | 2.4.2_beta18_vr14 |
| Wu-ftpd | Washington_university | 2.4.2_vr17 | 2.4.2_vr17 |
| Wu-ftpd | Washington_university | 2.4.2_beta18_vr9 | 2.4.2_beta18_vr9 |
| Wu-ftpd | Washington_university | 2.5 | 2.5 |
| Wu-ftpd | Washington_university | 2.4.1 | 2.4.1 |
| Wu-ftpd | Washington_university | 2.4.2_vr16 | 2.4.2_vr16 |
| Wu-ftpd | Washington_university | 2.4.2_beta18_vr11 | 2.4.2_beta18_vr11 |
| Wu-ftpd | Washington_university | 2.4.2_beta18_vr6 | 2.4.2_beta18_vr6 |
| Wu-ftpd | Washington_university | 2.4.2_beta18_vr4 | 2.4.2_beta18_vr4 |
| Wu-ftpd | Washington_university | 2.6 | 2.6 |
| Wu-ftpd | Washington_university | 2.4.2_beta18_vr12 | 2.4.2_beta18_vr12 |
| Wu-ftpd | Washington_university | 2.4.2_beta18_vr5 | 2.4.2_beta18_vr5 |
| Wu-ftpd | Washington_university | 2.4.2_beta18_vr13 | 2.4.2_beta18_vr13 |
| Wu-ftpd | Washington_university | 2.4.2_beta18_vr10 | 2.4.2_beta18_vr10 |
| Wu-ftpd | Washington_university | 2.4.2_beta9 | 2.4.2_beta9 |
| Wu-ftpd | Washington_university | 2.4.2_beta18_vr15 | 2.4.2_beta18_vr15 |
| Wu-ftpd | Washington_university | 2.4.2_beta18_vr7 | 2.4.2_beta18_vr7 |
| Wu-ftpd | Washington_university | 2.4.2_beta18_vr8 | 2.4.2_beta18_vr8 |