CVE-2001-0187

wu-ftpd 2.6.1 - Remote Code Execution via Format String in PASV Port Assignment

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0187. PoCs published by Wu-ftpd team.

AI-analyzed exploit summary This is a writeup demonstrating a format string vulnerability in Wu-ftpd when running in debug mode. The vulnerability allows an attacker to exploit insecure logging to syslog by manipulating hostname resolution, potentially leading to remote root access.

Description

Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Wu-ftpd team · textremoteunix
https://www.exploit-db.com/exploits/20594

This is a writeup demonstrating a format string vulnerability in Wu-ftpd when running in debug mode. The vulnerability allows an attacker to exploit insecure logging to syslog by manipulating hostname resolution, potentially leading to remote root access.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Wu-ftpd 2.6.0
No auth needed
Prerequisites: Control over hostname resolution (e.g., /etc/hosts, DNS, NIS) · Wu-ftpd running in debug mode
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2001/dsa-016
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6020
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2296
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000443

Scores

EPSS 0.0567
EPSS Percentile 92.1%

Details

Status published
Products (19)
washington_university/wu-ftpd 2.4.1
washington_university/wu-ftpd 2.4.2_beta9
washington_university/wu-ftpd 2.4.2_beta18
washington_university/wu-ftpd 2.4.2_beta18_vr4
washington_university/wu-ftpd 2.4.2_beta18_vr5
washington_university/wu-ftpd 2.4.2_beta18_vr6
washington_university/wu-ftpd 2.4.2_beta18_vr7
washington_university/wu-ftpd 2.4.2_beta18_vr8
washington_university/wu-ftpd 2.4.2_beta18_vr9
washington_university/wu-ftpd 2.4.2_beta18_vr10
... and 9 more
Published Mar 26, 2001
Tracked Since Feb 18, 2026