wuftpd format string exploit v1.39
Vulnerability exploited: CVE-2000-0573 - BID-1387
Category: Exploits/Remote
This module exploits a format string bug present in the SITE EXEC and SITE INDEX commands. After successful exploitation a level 0 agent will be deployed. This level 0 agent will inherit the user identity and capabilities of the abused service, usually those of the user used to log in to the ftp server (ftp, for example). However, the uid (as opposed to the euid) of the level 0 agent will be that of the super user in most cases (usually 0), and it can be changed by using the setuid module (see setuid module documentation).
When an anonymous user is used, or if the server is configured to do this for other users, the deployed level 0 agent will be running in a chroot jail. This situation does not prevent the level 0 agent from being used, and after setting the user id to that of the super user, the chroot breaker module (see chroot breaker module documentation) can be used to escape the chroot jail.
Supported Systems: RedHat Linux 6.1 (i386), RedHat Linux 6.2 (i386), Debian Linux 2.2 (i386), Debian Linux 3 (i386), Solaris 9 (sun4u), Debian Linux 2.1 (i386), RedHat Linux 5.0 (i386), RedHat Linux 5.1 (i386), RedHat Linux 5.2 (i386), RedHat Linux 6.0 (i386)
This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks.