All the vulnerabilites related to washington_university - wu-ftpd
cve-2001-0935
Vulnerability from cvelistv5
Published
2002-02-02 05:00
Modified
2024-08-08 04:37
Severity ?
EPSS score ?
Summary
Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:07.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SuSE-SA:2001:043",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-06T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SuSE-SA:2001:043",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SuSE-SA:2001:043",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0935",
"datePublished": "2002-02-02T05:00:00",
"dateReserved": "2002-01-31T00:00:00",
"dateUpdated": "2024-08-08T04:37:07.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0185
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/8893 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2004/dsa-457 | vendor-advisory, x_refsource_DEBIAN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/13518 | vdb-entry, x_refsource_XF | |
| http://www.securiteam.com/unixfocus/6X00Q1P8KC.html | x_refsource_MISC | |
| http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt | x_refsource_MISC | |
| http://www.redhat.com/support/errata/RHSA-2004-096.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch"
},
{
"name": "8893",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8893"
},
{
"name": "DSA-457",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"name": "wuftpd-skey-bo(13518)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13518"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/unixfocus/6X00Q1P8KC.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt"
},
{
"name": "RHSA-2004:096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch"
},
{
"name": "8893",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8893"
},
{
"name": "DSA-457",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"name": "wuftpd-skey-bo(13518)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13518"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/unixfocus/6X00Q1P8KC.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt"
},
{
"name": "RHSA-2004:096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch",
"refsource": "CONFIRM",
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch"
},
{
"name": "8893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8893"
},
{
"name": "DSA-457",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"name": "wuftpd-skey-bo(13518)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13518"
},
{
"name": "http://www.securiteam.com/unixfocus/6X00Q1P8KC.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/6X00Q1P8KC.html"
},
{
"name": "http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt",
"refsource": "MISC",
"url": "http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt"
},
{
"name": "RHSA-2004:096",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0185",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-03-02T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-0017
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:27
Severity ?
EPSS score ?
Summary
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0017 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:56.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T06:25:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0017",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0017",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:56.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-0955
Vulnerability from cvelistv5
Published
2000-01-18 05:00
Modified
2024-08-01 16:55
Severity ?
EPSS score ?
Summary
Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0955 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:29.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0955"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T08:15:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0955"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0955",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0955"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0955",
"datePublished": "2000-01-18T05:00:00",
"dateReserved": "1999-12-08T00:00:00",
"dateUpdated": "2024-08-01T16:55:29.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1327
Vulnerability from cvelistv5
Published
2007-05-15 10:00
Modified
2024-08-08 02:28
Severity ?
EPSS score ?
Summary
Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/13269 | vdb-entry, x_refsource_XF | |
| http://www.slackware.org/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.365971 | vendor-advisory, x_refsource_SLACKWARE | |
| http://securitytracker.com/id?1007775 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/8668 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/9835 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/2594 | vdb-entry, x_refsource_OSVDB | |
| http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:01.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "wuftp-mailadmin-sockprintf-bo(13269)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13269"
},
{
"name": "SSA:2003-259-03",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2003\u0026m=slackware-security.365971"
},
{
"name": "1007775",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1007775"
},
{
"name": "8668",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8668"
},
{
"name": "9835",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9835"
},
{
"name": "2594",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/2594"
},
{
"name": "20030922 Wu_ftpd all versions (not) vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "wuftp-mailadmin-sockprintf-bo(13269)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13269"
},
{
"name": "SSA:2003-259-03",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2003\u0026m=slackware-security.365971"
},
{
"name": "1007775",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1007775"
},
{
"name": "8668",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8668"
},
{
"name": "9835",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9835"
},
{
"name": "2594",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/2594"
},
{
"name": "20030922 Wu_ftpd all versions (not) vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wuftp-mailadmin-sockprintf-bo(13269)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13269"
},
{
"name": "SSA:2003-259-03",
"refsource": "SLACKWARE",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2003\u0026m=slackware-security.365971"
},
{
"name": "1007775",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1007775"
},
{
"name": "8668",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8668"
},
{
"name": "9835",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9835"
},
{
"name": "2594",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2594"
},
{
"name": "20030922 Wu_ftpd all versions (not) vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1327",
"datePublished": "2007-05-15T10:00:00",
"dateReserved": "2007-05-14T00:00:00",
"dateUpdated": "2024-08-08T02:28:01.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-0081
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:27
Severity ?
EPSS score ?
Summary
wu-ftp allows files to be overwritten via the rnfr command.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cve.org/CVERecord?id=CVE-1999-0081 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:57.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "wu-ftp allows files to be overwritten via the rnfr command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T05:44:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0081"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wu-ftp allows files to be overwritten via the rnfr command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cve.org/CVERecord?id=CVE-1999-0081",
"refsource": "MISC",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0081"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0081",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:57.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-1326
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-01 17:11
Severity ?
EPSS score ?
Summary
wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7169 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=87602167420408&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://marc.info/?l=bugtraq&m=87602167420401&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:11:02.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "wuftpd-abor-gain-privileges(7169)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7169"
},
{
"name": "19970105 BoS: serious security bug in wu-ftpd v2.4 -- PATCH",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420408\u0026w=2"
},
{
"name": "19970104 serious security bug in wu-ftpd v2.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420401\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1997-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "wuftpd-abor-gain-privileges(7169)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7169"
},
{
"name": "19970105 BoS: serious security bug in wu-ftpd v2.4 -- PATCH",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420408\u0026w=2"
},
{
"name": "19970104 serious security bug in wu-ftpd v2.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420401\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wuftpd-abor-gain-privileges(7169)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7169"
},
{
"name": "19970105 BoS: serious security bug in wu-ftpd v2.4 -- PATCH",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420408\u0026w=2"
},
{
"name": "19970104 serious security bug in wu-ftpd v2.4",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420401\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1326",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-08-31T00:00:00",
"dateUpdated": "2024-08-01T17:11:02.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-0080
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:27
Severity ?
EPSS score ?
Summary
Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.
References
| ▼ | URL | Tags |
|---|---|---|
| https://archive.nanog.org/mailinglist/mailarchives/old_archive/1995-11/msg00385.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:57.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://archive.nanog.org/mailinglist/mailarchives/old_archive/1995-11/msg00385.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the \"site exec\" command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T05:30:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://archive.nanog.org/mailinglist/mailarchives/old_archive/1995-11/msg00385.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the \"site exec\" command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://archive.nanog.org/mailinglist/mailarchives/old_archive/1995-11/msg00385.html",
"refsource": "MISC",
"url": "https://archive.nanog.org/mailinglist/mailarchives/old_archive/1995-11/msg00385.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0080",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:57.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0854
Vulnerability from cvelistv5
Published
2003-10-25 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-705",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "CLA-2003:771",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "115",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/115"
},
{
"name": "CLA-2003:768",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "IMNX-2003-7+-026-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17069"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-705",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "CLA-2003:771",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "115",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/115"
},
{
"name": "CLA-2003:768",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "IMNX-2003-7+-026-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17069"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-705",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "CLA-2003:771",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "115",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/115"
},
{
"name": "CLA-2003:768",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "IMNX-2003-7+-026-01",
"refsource": "IMMUNIX",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17069"
},
{
"name": "http://www.guninski.com/binls.html",
"refsource": "MISC",
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0854",
"datePublished": "2003-10-25T04:00:00",
"dateReserved": "2003-10-10T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0187
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 04:14
Severity ?
EPSS score ?
Summary
Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2001/dsa-016 | vendor-advisory, x_refsource_DEBIAN | |
| ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_current/missing_format_strings.patch | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6020 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/2296 | vdb-entry, x_refsource_BID | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000443 | vendor-advisory, x_refsource_CONECTIVA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:14:06.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-016",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2001/dsa-016"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_current/missing_format_strings.patch"
},
{
"name": "wuftp-debug-format-string(6020)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6020"
},
{
"name": "2296",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2296"
},
{
"name": "CLA-2001:443",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000443"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-05-21T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-016",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2001/dsa-016"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_current/missing_format_strings.patch"
},
{
"name": "wuftp-debug-format-string(6020)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6020"
},
{
"name": "2296",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2296"
},
{
"name": "CLA-2001:443",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000443"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-016",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-016"
},
{
"name": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_current/missing_format_strings.patch",
"refsource": "CONFIRM",
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_current/missing_format_strings.patch"
},
{
"name": "wuftp-debug-format-string(6020)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6020"
},
{
"name": "2296",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2296"
},
{
"name": "CLA-2001:443",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000443"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0187",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2001-03-08T00:00:00",
"dateUpdated": "2024-08-08T04:14:06.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0550
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:21
Severity ?
EPSS score ?
Summary
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SuSE-SA:2001:043",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
},
{
"name": "20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2"
},
{
"name": "CA-2001-33",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2001-33.html"
},
{
"name": "wuftp-glob-heap-corruption(7611)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7611"
},
{
"name": "MDKSA-2001:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3"
},
{
"name": "CLA-2001:442",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442"
},
{
"name": "HPSBUX0107-162",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162"
},
{
"name": "20010430 some ftpd implementations mishandle CWD ~{",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/82/180823"
},
{
"name": "CSSA-2001-041.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt"
},
{
"name": "DSA-087",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2001/dsa-087"
},
{
"name": "IMNX-2001-70-036-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01"
},
{
"name": "RHSA-2001:157",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-157.html"
},
{
"name": "VU#886083",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/886083"
},
{
"name": "3581",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a \"~{\" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-16T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SuSE-SA:2001:043",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
},
{
"name": "20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2"
},
{
"name": "CA-2001-33",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2001-33.html"
},
{
"name": "wuftp-glob-heap-corruption(7611)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7611"
},
{
"name": "MDKSA-2001:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3"
},
{
"name": "CLA-2001:442",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442"
},
{
"name": "HPSBUX0107-162",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162"
},
{
"name": "20010430 some ftpd implementations mishandle CWD ~{",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV"
],
"url": "http://www.securityfocus.com/archive/82/180823"
},
{
"name": "CSSA-2001-041.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt"
},
{
"name": "DSA-087",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2001/dsa-087"
},
{
"name": "IMNX-2001-70-036-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01"
},
{
"name": "RHSA-2001:157",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-157.html"
},
{
"name": "VU#886083",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/886083"
},
{
"name": "3581",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3581"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a \"~{\" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SuSE-SA:2001:043",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
},
{
"name": "20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2"
},
{
"name": "CA-2001-33",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2001-33.html"
},
{
"name": "wuftp-glob-heap-corruption(7611)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7611"
},
{
"name": "MDKSA-2001:090",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3"
},
{
"name": "CLA-2001:442",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442"
},
{
"name": "HPSBUX0107-162",
"refsource": "HP",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162"
},
{
"name": "20010430 some ftpd implementations mishandle CWD ~{",
"refsource": "VULN-DEV",
"url": "http://www.securityfocus.com/archive/82/180823"
},
{
"name": "CSSA-2001-041.0",
"refsource": "CALDERA",
"url": "http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt"
},
{
"name": "DSA-087",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-087"
},
{
"name": "IMNX-2001-70-036-01",
"refsource": "IMMUNIX",
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01"
},
{
"name": "RHSA-2001:157",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-157.html"
},
{
"name": "VU#886083",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/886083"
},
{
"name": "3581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3581"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0550",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2001-07-18T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0256
Vulnerability from cvelistv5
Published
2005-02-25 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-705",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "18210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18210"
},
{
"name": "oval:org.mitre.oval:def:1762",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1762"
},
{
"name": "ADV-2006-1271",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1271"
},
{
"name": "ADV-2005-0588",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0588"
},
{
"name": "57795",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57795-1"
},
{
"name": "14411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14411"
},
{
"name": "oval:org.mitre.oval:def:1265",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1265"
},
{
"name": "HPSBUX02110",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"name": "101699",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101699-1"
},
{
"name": "SCOSA-2005.63",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63/SCOSA-2005.63.txt"
},
{
"name": "19561",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19561"
},
{
"name": "SSRT061110",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"name": "20050225 WU-FTPD File Globbing Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=207\u0026type=vulnerabilities"
},
{
"name": "oval:org.mitre.oval:def:1333",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1333"
},
{
"name": "14203",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/14203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-705",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "18210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18210"
},
{
"name": "oval:org.mitre.oval:def:1762",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1762"
},
{
"name": "ADV-2006-1271",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1271"
},
{
"name": "ADV-2005-0588",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0588"
},
{
"name": "57795",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57795-1"
},
{
"name": "14411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14411"
},
{
"name": "oval:org.mitre.oval:def:1265",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1265"
},
{
"name": "HPSBUX02110",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"name": "101699",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101699-1"
},
{
"name": "SCOSA-2005.63",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63/SCOSA-2005.63.txt"
},
{
"name": "19561",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19561"
},
{
"name": "SSRT061110",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"name": "20050225 WU-FTPD File Globbing Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=207\u0026type=vulnerabilities"
},
{
"name": "oval:org.mitre.oval:def:1333",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1333"
},
{
"name": "14203",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/14203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-705",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "18210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18210"
},
{
"name": "oval:org.mitre.oval:def:1762",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1762"
},
{
"name": "ADV-2006-1271",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1271"
},
{
"name": "ADV-2005-0588",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0588"
},
{
"name": "57795",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57795-1"
},
{
"name": "14411",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14411"
},
{
"name": "oval:org.mitre.oval:def:1265",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1265"
},
{
"name": "HPSBUX02110",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"name": "101699",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101699-1"
},
{
"name": "SCOSA-2005.63",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63/SCOSA-2005.63.txt"
},
{
"name": "19561",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19561"
},
{
"name": "SSRT061110",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"name": "20050225 WU-FTPD File Globbing Denial of Service Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=207\u0026type=vulnerabilities"
},
{
"name": "oval:org.mitre.oval:def:1333",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1333"
},
{
"name": "14203",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0256",
"datePublished": "2005-02-25T05:00:00",
"dateReserved": "2005-02-09T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-0075
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:27
Severity ?
EPSS score ?
Summary
PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/5742 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:57.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5742",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5742"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5742",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5742"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5742",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5742"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0075",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:57.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0853
Vulnerability from cvelistv5
Published
2003-10-25 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2003:771",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "CLA-2003:768",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "8875",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8875"
},
{
"name": "IMNX-2003-7+-026-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17069"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-10-28T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2003:771",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "CLA-2003:768",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "8875",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8875"
},
{
"name": "IMNX-2003-7+-026-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17069"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2003:771",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "CLA-2003:768",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "8875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8875"
},
{
"name": "IMNX-2003-7+-026-01",
"refsource": "IMMUNIX",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17069"
},
{
"name": "http://www.guninski.com/binls.html",
"refsource": "MISC",
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0853",
"datePublished": "2003-10-25T04:00:00",
"dateReserved": "2003-10-10T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1329
Vulnerability from cvelistv5
Published
2007-05-21 20:00
Modified
2024-09-16 23:55
Severity ?
EPSS score ?
Summary
ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/34670 | vdb-entry, x_refsource_OSVDB | |
| ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:02.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34670",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/34670"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ftpd.c in wu-ftpd 2.6.2, when running on \"operating systems that only allow one non-connected socket bound to the same local address,\" does not close failed connections, which allows remote attackers to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-05-21T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34670",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/34670"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ftpd.c in wu-ftpd 2.6.2, when running on \"operating systems that only allow one non-connected socket bound to the same local address,\" does not close failed connections, which allows remote attackers to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34670",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34670"
},
{
"name": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch",
"refsource": "CONFIRM",
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1329",
"datePublished": "2007-05-21T20:00:00Z",
"dateReserved": "2007-05-21T00:00:00Z",
"dateUpdated": "2024-09-16T23:55:39.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0148
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "wuftpd-restrictedgid-gain-access(15423)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15423"
},
{
"name": "oval:org.mitre.oval:def:1637",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637"
},
{
"name": "102356",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1"
},
{
"name": "DSA-457",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"name": "oval:org.mitre.oval:def:1147",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147"
},
{
"name": "11055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11055"
},
{
"name": "20168",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20168"
},
{
"name": "SSRT4704",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108999466902690\u0026w=2"
},
{
"name": "9832",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9832"
},
{
"name": "oval:org.mitre.oval:def:648",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648"
},
{
"name": "RHSA-2004:096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
},
{
"name": "oval:org.mitre.oval:def:1636",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636"
},
{
"name": "ADV-2006-1867",
"tags": [
"third-party-advisory",
"x_refsource_FRSIRT",
"x_transferred"
],
"url": "http://www.frsirt.com/english/advisories/2006/1867"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-05-22T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "wuftpd-restrictedgid-gain-access(15423)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15423"
},
{
"name": "oval:org.mitre.oval:def:1637",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637"
},
{
"name": "102356",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1"
},
{
"name": "DSA-457",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"name": "oval:org.mitre.oval:def:1147",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147"
},
{
"name": "11055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11055"
},
{
"name": "20168",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20168"
},
{
"name": "SSRT4704",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108999466902690\u0026w=2"
},
{
"name": "9832",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9832"
},
{
"name": "oval:org.mitre.oval:def:648",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648"
},
{
"name": "RHSA-2004:096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
},
{
"name": "oval:org.mitre.oval:def:1636",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636"
},
{
"name": "ADV-2006-1867",
"tags": [
"third-party-advisory",
"x_refsource_FRSIRT"
],
"url": "http://www.frsirt.com/english/advisories/2006/1867"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wuftpd-restrictedgid-gain-access(15423)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15423"
},
{
"name": "oval:org.mitre.oval:def:1637",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637"
},
{
"name": "102356",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1"
},
{
"name": "DSA-457",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"name": "oval:org.mitre.oval:def:1147",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147"
},
{
"name": "11055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11055"
},
{
"name": "20168",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20168"
},
{
"name": "SSRT4704",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=108999466902690\u0026w=2"
},
{
"name": "9832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9832"
},
{
"name": "oval:org.mitre.oval:def:648",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648"
},
{
"name": "RHSA-2004:096",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
},
{
"name": "oval:org.mitre.oval:def:1636",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636"
},
{
"name": "ADV-2006-1867",
"refsource": "FRSIRT",
"url": "http://www.frsirt.com/english/advisories/2006/1867"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0148",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-0878
Vulnerability from cvelistv5
Published
2000-01-04 05:00
Modified
2024-08-01 16:55
Severity ?
EPSS score ?
Summary
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/599 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:28.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "599",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/599"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-17T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "599",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/599"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "599",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/599"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0878",
"datePublished": "2000-01-04T05:00:00",
"dateReserved": "1999-12-08T00:00:00",
"dateUpdated": "2024-08-01T16:55:28.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-0368
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:34
Severity ?
EPSS score ?
Summary
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0368 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:34:51.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0368"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T07:24:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0368"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0368",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0368"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0368",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:34:51.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-0156
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-01 16:27
Severity ?
EPSS score ?
Summary
wu-ftpd FTP daemon allows any user and password combination.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cve.org/CVERecord?id=CVE-1999-0156 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:57.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "wu-ftpd FTP daemon allows any user and password combination."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T08:23:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wu-ftpd FTP daemon allows any user and password combination."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cve.org/CVERecord?id=CVE-1999-0156",
"refsource": "MISC",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0156",
"datePublished": "2000-02-04T05:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:57.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-0076
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-01 16:27
Severity ?
EPSS score ?
Summary
Buffer overflow in wu-ftp from PASV command causes a core dump.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0076 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:57.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0076"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in wu-ftp from PASV command causes a core dump."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T06:35:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0076"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in wu-ftp from PASV command causes a core dump."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0076",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0076"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0076",
"datePublished": "2000-02-04T05:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:57.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0574
Vulnerability from cvelistv5
Published
2000-07-19 04:00
Modified
2024-08-08 05:21
Severity ?
EPSS score ?
Summary
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/1425 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2000-07/0121.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/1438 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2000-07/0061.html | mailing-list, x_refsource_BUGTRAQ | |
| ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-009.txt.asc | vendor-advisory, x_refsource_NETBSD | |
| http://archives.neohapsis.com/archives/bugtraq/2000-07/0031.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.cert.org/advisories/CA-2000-13.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:21:31.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1425",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1425"
},
{
"name": "20000710 opieftpd setproctitle() patches",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0121.html"
},
{
"name": "1438",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1438"
},
{
"name": "20000706 ftpd and setproctitle()",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0061.html"
},
{
"name": "NetBSD-SA2000-009",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-009.txt.asc"
},
{
"name": "20000705 proftp advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0031.html"
},
{
"name": "CA-2000-13",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2000-13.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-21T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1425",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1425"
},
{
"name": "20000710 opieftpd setproctitle() patches",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0121.html"
},
{
"name": "1438",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1438"
},
{
"name": "20000706 ftpd and setproctitle()",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0061.html"
},
{
"name": "NetBSD-SA2000-009",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-009.txt.asc"
},
{
"name": "20000705 proftp advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0031.html"
},
{
"name": "CA-2000-13",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2000-13.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1425",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1425"
},
{
"name": "20000710 opieftpd setproctitle() patches",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0121.html"
},
{
"name": "1438",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1438"
},
{
"name": "20000706 ftpd and setproctitle()",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0061.html"
},
{
"name": "NetBSD-SA2000-009",
"refsource": "NETBSD",
"url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-009.txt.asc"
},
{
"name": "20000705 proftp advisory",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0031.html"
},
{
"name": "CA-2000-13",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2000-13.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0574",
"datePublished": "2000-07-19T04:00:00",
"dateReserved": "2000-07-19T00:00:00",
"dateUpdated": "2024-08-08T05:21:31.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0466
Vulnerability from cvelistv5
Published
2003-08-01 04:00
Modified
2024-08-08 01:58
Severity ?
EPSS score ?
Summary
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:10.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030804 Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106002488209129\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt"
},
{
"name": "9446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9446"
},
{
"name": "6602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6602"
},
{
"name": "oval:org.mitre.oval:def:1970",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1970"
},
{
"name": "20060213 Latest wu-ftpd exploit :-s",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/424852/100/0/threaded"
},
{
"name": "8315",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8315"
},
{
"name": "9423",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9423"
},
{
"name": "20030731 wu-ftpd fb_realpath() off-by-one bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105967301604815\u0026w=2"
},
{
"name": "20030731 wu-ftpd fb_realpath() off-by-one bug",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html"
},
{
"name": "IMNX-2003-7+-019-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01"
},
{
"name": "RHSA-2003:246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-246.html"
},
{
"name": "20060214 Re: Latest wu-ftpd exploit :-s",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425061/100/0/threaded"
},
{
"name": "VU#743092",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/743092"
},
{
"name": "RHSA-2003:245",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-245.html"
},
{
"name": "SuSE-SA:2003:032",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html"
},
{
"name": "1001257",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1"
},
{
"name": "DSA-357",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-357"
},
{
"name": "20030804 wu-ftpd-2.6.2 off-by-one remote exploit.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106001702232325\u0026w=2"
},
{
"name": "1007380",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1007380"
},
{
"name": "MDKSA-2003:080",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:080"
},
{
"name": "libc-realpath-offbyone-bo(12785)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12785"
},
{
"name": "FreeBSD-SA-03:08",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106001410028809\u0026w=2"
},
{
"name": "TLSA-2003-46",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-46.txt"
},
{
"name": "NetBSD-SA2003-011.txt.asc",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc"
},
{
"name": "9535",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9535"
},
{
"name": "9447",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9447"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030804 Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106002488209129\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt"
},
{
"name": "9446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9446"
},
{
"name": "6602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6602"
},
{
"name": "oval:org.mitre.oval:def:1970",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1970"
},
{
"name": "20060213 Latest wu-ftpd exploit :-s",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/424852/100/0/threaded"
},
{
"name": "8315",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8315"
},
{
"name": "9423",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9423"
},
{
"name": "20030731 wu-ftpd fb_realpath() off-by-one bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105967301604815\u0026w=2"
},
{
"name": "20030731 wu-ftpd fb_realpath() off-by-one bug",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html"
},
{
"name": "IMNX-2003-7+-019-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01"
},
{
"name": "RHSA-2003:246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-246.html"
},
{
"name": "20060214 Re: Latest wu-ftpd exploit :-s",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425061/100/0/threaded"
},
{
"name": "VU#743092",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/743092"
},
{
"name": "RHSA-2003:245",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-245.html"
},
{
"name": "SuSE-SA:2003:032",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html"
},
{
"name": "1001257",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1"
},
{
"name": "DSA-357",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-357"
},
{
"name": "20030804 wu-ftpd-2.6.2 off-by-one remote exploit.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106001702232325\u0026w=2"
},
{
"name": "1007380",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1007380"
},
{
"name": "MDKSA-2003:080",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:080"
},
{
"name": "libc-realpath-offbyone-bo(12785)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12785"
},
{
"name": "FreeBSD-SA-03:08",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106001410028809\u0026w=2"
},
{
"name": "TLSA-2003-46",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-46.txt"
},
{
"name": "NetBSD-SA2003-011.txt.asc",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc"
},
{
"name": "9535",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9535"
},
{
"name": "9447",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9447"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030804 Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106002488209129\u0026w=2"
},
{
"name": "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt",
"refsource": "MISC",
"url": "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt"
},
{
"name": "9446",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9446"
},
{
"name": "6602",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6602"
},
{
"name": "oval:org.mitre.oval:def:1970",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1970"
},
{
"name": "20060213 Latest wu-ftpd exploit :-s",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424852/100/0/threaded"
},
{
"name": "8315",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8315"
},
{
"name": "9423",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9423"
},
{
"name": "20030731 wu-ftpd fb_realpath() off-by-one bug",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105967301604815\u0026w=2"
},
{
"name": "20030731 wu-ftpd fb_realpath() off-by-one bug",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html"
},
{
"name": "IMNX-2003-7+-019-01",
"refsource": "IMMUNIX",
"url": "http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01"
},
{
"name": "RHSA-2003:246",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-246.html"
},
{
"name": "20060214 Re: Latest wu-ftpd exploit :-s",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425061/100/0/threaded"
},
{
"name": "VU#743092",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/743092"
},
{
"name": "RHSA-2003:245",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-245.html"
},
{
"name": "SuSE-SA:2003:032",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html"
},
{
"name": "1001257",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1"
},
{
"name": "DSA-357",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-357"
},
{
"name": "20030804 wu-ftpd-2.6.2 off-by-one remote exploit.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106001702232325\u0026w=2"
},
{
"name": "1007380",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1007380"
},
{
"name": "MDKSA-2003:080",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:080"
},
{
"name": "libc-realpath-offbyone-bo(12785)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12785"
},
{
"name": "FreeBSD-SA-03:08",
"refsource": "FREEBSD",
"url": "http://marc.info/?l=bugtraq\u0026m=106001410028809\u0026w=2"
},
{
"name": "TLSA-2003-46",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/TLSA-2003-46.txt"
},
{
"name": "NetBSD-SA2003-011.txt.asc",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc"
},
{
"name": "9535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9535"
},
{
"name": "9447",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9447"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0466",
"datePublished": "2003-08-01T04:00:00",
"dateReserved": "2003-06-26T00:00:00",
"dateUpdated": "2024-08-08T01:58:10.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
1997-07-01 04:00
Modified
2024-11-20 23:27
Severity ?
Summary
Buffer overflow in wu-ftp from PASV command causes a core dump.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| washington_university | wu-ftpd | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0326E91-1E2D-4F29-BFEA-11BE48640AE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in wu-ftp from PASV command causes a core dump."
}
],
"id": "CVE-1999-0076",
"lastModified": "2024-11-20T23:27:47.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1997-07-01T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0076"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1997-01-11 05:00
Modified
2024-11-20 23:27
Severity ?
Summary
wu-ftp allows files to be overwritten via the rnfr command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| washington_university | wu-ftpd | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0326E91-1E2D-4F29-BFEA-11BE48640AE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "wu-ftp allows files to be overwritten via the rnfr command."
}
],
"id": "CVE-1999-0081",
"lastModified": "2024-11-20T23:27:48.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1997-01-11T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0081"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-02-09 05:00
Modified
2024-11-20 23:28
Severity ?
Summary
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| proftpd_project | proftpd | 1.2_pre1 | |
| washington_university | wu-ftpd | 2.4.2_beta18 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr9 | |
| caldera | openlinux | 1.3 | |
| debian | debian_linux | 2.0 | |
| redhat | linux | 5.0 | |
| redhat | linux | 5.1 | |
| sco | openserver | 5.0 | |
| sco | openserver | 5.0.2 | |
| sco | openserver | 5.0.3 | |
| sco | openserver | 5.0.4 | |
| sco | openserver | 5.0.5 | |
| sco | unixware | 7.0 | |
| sco | unixware | 7.0.1 | |
| slackware | slackware_linux | 3.4 | |
| slackware | slackware_linux | 3.5 | |
| slackware | slackware_linux | 3.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE1015CB-9A33-48D5-861A-A1FC0D8D0FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:*:*:*:*:*:*",
"matchCriteriaId": "2D48DE48-5216-42AB-BEA8-EA490C5D4278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*",
"matchCriteriaId": "4989799F-143A-45E5-A30C-9E3203649770",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:caldera:openlinux:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EED21F27-4ADA-42AC-B28E-F849F47D4043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "203BDD63-2FA5-42FD-A9CD-6BDBB41A63C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF54738-3C44-4FD4-AA9C-CAB2E86B1DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF44364-0F57-4B74-81B0-501EA6B58501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:openserver:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C19F7B3-9043-4E53-90DE-92A4387858A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:openserver:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0169CBF5-9301-42D2-A6DA-73393BD986D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:openserver:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6236FA51-E996-4E84-A8CC-2635A814CCC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:openserver:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "035FBF8B-EB91-4211-9979-8A9E913A54A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:openserver:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B8BA72B4-C4AF-41C6-92ED-30B286E00EF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:unixware:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17439B5B-0B66-490B-9B53-2C9D576C879F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:unixware:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9FD7BF-97E4-426D-881F-03C9D5B8895D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E6732144-10D4-4114-A7DA-32157EE3EF38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "125918E7-53BB-407A-8D95-5D95CDF39A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE0BBA4F-C61A-4A8E-A7E2-CE0DF76DF592",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto."
}
],
"id": "CVE-1999-0368",
"lastModified": "2024-11-20T23:28:34.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1999-02-09T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0368"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-08-22 04:00
Modified
2024-11-20 23:29
Severity ?
Summary
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| beroftpd | beroftpd | 1.3.2 | |
| beroftpd | beroftpd | 1.3.3 | |
| beroftpd | beroftpd | 1.3.4 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr4 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr5 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr6 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr8 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr9 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr10 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr11 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr12 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr13 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr14 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr15 | |
| washington_university | wu-ftpd | 2.4.2_vr16 | |
| washington_university | wu-ftpd | 2.4.2_vr17 | |
| washington_university | wu-ftpd | 2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beroftpd:beroftpd:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "602F3F84-3DA1-4ABE-8E47-F7B54169922E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beroftpd:beroftpd:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "514C8A8E-E4B0-4135-B240-379D25148AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beroftpd:beroftpd:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7810EC3A-70AD-4ECB-A7EF-2CC5F527D696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*",
"matchCriteriaId": "B39D46C4-B153-4301-AE9C-57FB6BA64CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*",
"matchCriteriaId": "E55582DD-DEF7-4BF8-950C-E7E58BD29DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*",
"matchCriteriaId": "FF9B9132-19A1-4242-A129-E5A49F466EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A096214-84AD-44F5-BBEF-F9F17B9B0C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*",
"matchCriteriaId": "4989799F-143A-45E5-A30C-9E3203649770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3D0CC6-D1A0-4784-BE93-319C7EE59134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA32489-F098-43D2-80B7-89CFE0BE9A3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*",
"matchCriteriaId": "91C6388E-464B-4562-BC7B-7B4A66387B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*",
"matchCriteriaId": "923B5711-853D-4A77-8FB3-D5C3D449518D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB1B136-F90E-426B-8010-F2D059E89DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9EFCD7-2A13-420E-B6A0-C1248B2E6E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*",
"matchCriteriaId": "573486C8-0349-4BC9-AD7D-3FBF93DDB6AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD81A30-9C35-4EEA-B6FE-A4AC76893AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFFA39F-9072-4F19-A695-F383EA61D55D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR."
}
],
"id": "CVE-1999-0878",
"lastModified": "2024-11-20T23:29:45.173",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1999-08-22T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/599"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-03-15 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| washington_university | wu-ftpd | 2.6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D851CEBD-4FE5-46D9-99BD-CA3F3235B2E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la funci\u00f3n skey_challenge en ftpd.c de wu-ftp daemon (wu-ftpd) 2.6.2 permite a atacantes remotos causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario mediante una petici\u00f3n s/key (SKEY) con un nombre muy grande."
}
],
"id": "CVE-2004-0185",
"lastModified": "2024-11-20T23:47:57.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-03-15T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
],
"url": "http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securiteam.com/unixfocus/6X00Q1P8KC.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/8893"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13518"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securiteam.com/unixfocus/6X00Q1P8KC.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/8893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13518"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-03-26 05:00
Modified
2024-11-20 23:34
Severity ?
Summary
Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| washington_university | wu-ftpd | 2.4.1 | |
| washington_university | wu-ftpd | 2.4.2_beta9 | |
| washington_university | wu-ftpd | 2.4.2_beta18 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr4 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr5 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr6 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr7 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr8 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr9 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr10 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr11 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr12 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr13 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr14 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr15 | |
| washington_university | wu-ftpd | 2.4.2_vr16 | |
| washington_university | wu-ftpd | 2.4.2_vr17 | |
| washington_university | wu-ftpd | 2.5 | |
| washington_university | wu-ftpd | 2.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28E5257A-F5ED-482C-9A0B-3B576513E7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta9:*:academ:*:*:*:*:*",
"matchCriteriaId": "1DF420E7-4BA8-45A4-B75E-8EEC10DDBD6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*",
"matchCriteriaId": "C63ACBE3-5BB2-483E-A5FE-87698E98354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*",
"matchCriteriaId": "B39D46C4-B153-4301-AE9C-57FB6BA64CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*",
"matchCriteriaId": "E55582DD-DEF7-4BF8-950C-E7E58BD29DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*",
"matchCriteriaId": "FF9B9132-19A1-4242-A129-E5A49F466EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9E32F3-06CF-482D-8313-3D098CDE8B6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A096214-84AD-44F5-BBEF-F9F17B9B0C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*",
"matchCriteriaId": "4989799F-143A-45E5-A30C-9E3203649770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3D0CC6-D1A0-4784-BE93-319C7EE59134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA32489-F098-43D2-80B7-89CFE0BE9A3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*",
"matchCriteriaId": "91C6388E-464B-4562-BC7B-7B4A66387B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*",
"matchCriteriaId": "923B5711-853D-4A77-8FB3-D5C3D449518D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB1B136-F90E-426B-8010-F2D059E89DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9EFCD7-2A13-420E-B6A0-C1248B2E6E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*",
"matchCriteriaId": "573486C8-0349-4BC9-AD7D-3FBF93DDB6AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD81A30-9C35-4EEA-B6FE-A4AC76893AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFFA39F-9072-4F19-A695-F383EA61D55D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5D6359-4E6D-4563-8251-F1719D45E20E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment."
}
],
"id": "CVE-2001-0187",
"lastModified": "2024-11-20T23:34:48.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-03-26T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_current/missing_format_strings.patch"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000443"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2001/dsa-016"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/2296"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_current/missing_format_strings.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2001/dsa-016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/2296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6020"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 2.1 ships with wu-ftp version 2.6.2 which is not vulnerable to this issue.",
"lastModified": "2006-09-27T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-11-28 05:00
Modified
2024-11-20 23:36
Severity ?
Summary
Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| washington_university | wu-ftpd | 2.4 | |
| washington_university | wu-ftpd | 2.6.0 | |
| washington_university | wu-ftpd | 2.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A86BB4F6-210F-448A-A3CB-127BEB5BD0D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E9B738-E8DF-4FE7-B4A5-91DE46A9CF8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7196CF2D-8CCC-454A-A2C1-6408A9D636C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550."
}
],
"id": "CVE-2001-0935",
"lastModified": "2024-11-20T23:36:28.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-11-28T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "CVE-2001-0935 refers to vulnerabilities found when SUSE did a code audit of the wu-ftpd glob.c file in wu-ftpd 2.6.0. They shared these details with the wu-ftpd upstream authors who clarified that some of the issues did not apply, and all were addressed by the version of glob.c in upstream wu-ftpd 2.6.1. Therefore we believe that the issues labelled as CVE-2001-0935 do not affect wu-ftpd 2.6.1 or later versions and therefore do not affect Red Hat Enterprise Linux 2.1.",
"lastModified": "2006-09-27T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-11-30 05:00
Modified
2024-11-20 23:35
Severity ?
Summary
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| david_madore | ftpd-bsd | 0.3.2 | |
| david_madore | ftpd-bsd | 0.3.3 | |
| washington_university | wu-ftpd | 2.5.0 | |
| washington_university | wu-ftpd | 2.6.0 | |
| washington_university | wu-ftpd | 2.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:david_madore:ftpd-bsd:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2D2E1B-DDF8-4AD5-B208-CDDA0658D267",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_madore:ftpd-bsd:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F526A3B-219C-454A-9235-DDC22AB832D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "473E71DD-F779-4F93-838A-AD6768BB8DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E9B738-E8DF-4FE7-B4A5-91DE46A9CF8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7196CF2D-8CCC-454A-A2C1-6408A9D636C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a \"~{\" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob)."
}
],
"id": "CVE-2001-0550",
"lastModified": "2024-11-20T23:35:37.577",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-11-30T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442"
},
{
"source": "cve@mitre.org",
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2001-33.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2001/dsa-087"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/886083"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-157.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/82/180823"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3581"
},
{
"source": "cve@mitre.org",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2001-33.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2001/dsa-087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/886083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-157.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/82/180823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7611"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1995-11-30 05:00
Modified
2024-11-20 23:27
Severity ?
Summary
Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| washington_university | wu-ftpd | 2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A86BB4F6-210F-448A-A3CB-127BEB5BD0D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the \"site exec\" command."
}
],
"id": "CVE-1999-0080",
"lastModified": "2024-11-20T23:27:48.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1995-11-30T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://archive.nanog.org/mailinglist/mailarchives/old_archive/1995-11/msg00385.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://archive.nanog.org/mailinglist/mailarchives/old_archive/1995-11/msg00385.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-04-15 04:00
Modified
2024-11-20 23:47
Severity ?
Summary
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sgi | propack | 2.3 | |
| sgi | propack | 2.4 | |
| washington_university | wu-ftpd | 2.4.1 | |
| washington_university | wu-ftpd | 2.4.2_beta2 | |
| washington_university | wu-ftpd | 2.4.2_beta18 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr4 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr5 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr6 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr7 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr8 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr9 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr10 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr11 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr12 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr13 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr14 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr15 | |
| washington_university | wu-ftpd | 2.4.2_vr16 | |
| washington_university | wu-ftpd | 2.4.2_vr17 | |
| washington_university | wu-ftpd | 2.5.0 | |
| washington_university | wu-ftpd | 2.6.0 | |
| washington_university | wu-ftpd | 2.6.1 | |
| washington_university | wu-ftpd | 2.6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "26430687-409B-448F-934B-06AB937DDF63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28E5257A-F5ED-482C-9A0B-3B576513E7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2:*:academ:*:*:*:*:*",
"matchCriteriaId": "833542E5-B4E7-4995-95C9-E012AE13902D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*",
"matchCriteriaId": "C63ACBE3-5BB2-483E-A5FE-87698E98354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*",
"matchCriteriaId": "B39D46C4-B153-4301-AE9C-57FB6BA64CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*",
"matchCriteriaId": "E55582DD-DEF7-4BF8-950C-E7E58BD29DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*",
"matchCriteriaId": "FF9B9132-19A1-4242-A129-E5A49F466EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9E32F3-06CF-482D-8313-3D098CDE8B6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A096214-84AD-44F5-BBEF-F9F17B9B0C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*",
"matchCriteriaId": "4989799F-143A-45E5-A30C-9E3203649770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3D0CC6-D1A0-4784-BE93-319C7EE59134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA32489-F098-43D2-80B7-89CFE0BE9A3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*",
"matchCriteriaId": "91C6388E-464B-4562-BC7B-7B4A66387B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*",
"matchCriteriaId": "923B5711-853D-4A77-8FB3-D5C3D449518D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB1B136-F90E-426B-8010-F2D059E89DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9EFCD7-2A13-420E-B6A0-C1248B2E6E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*",
"matchCriteriaId": "573486C8-0349-4BC9-AD7D-3FBF93DDB6AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD81A30-9C35-4EEA-B6FE-A4AC76893AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "473E71DD-F779-4F93-838A-AD6768BB8DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E9B738-E8DF-4FE7-B4A5-91DE46A9CF8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7196CF2D-8CCC-454A-A2C1-6408A9D636C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D851CEBD-4FE5-46D9-99BD-CA3F3235B2E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead."
},
{
"lang": "es",
"value": "wu-ftpd 2.6.2 y anteriores, con la opci\u00f3n restricted-gid activada, permite a usuarios locales saltarse restricciones de acceso cambiando los permisos para impedir el acceso a su directorio home, lo que hace que wu-ftpd use el directorio ra\u00edz en su lugar."
}
],
"id": "CVE-2004-0148",
"lastModified": "2024-11-20T23:47:51.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-04-15T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108999466902690\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11055"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/20168"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"source": "cve@mitre.org",
"url": "http://www.frsirt.com/english/advisories/2006/1867"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9832"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15423"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108999466902690\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.frsirt.com/english/advisories/2006/1867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| washington_university | wu-ftpd | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "655CB6E8-276B-4738-9775-7976AB7EB2BA",
"versionEndIncluding": "2.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator."
}
],
"evaluatorImpact": "Successful exploitation requires that the option \"MAIL_ADMIN\" has been enabled (not default), that anonymous users have write permissions on a folder, and that the program has been compiled on a system where very long paths are permitted.",
"id": "CVE-2003-1327",
"lastModified": "2024-11-20T23:46:52.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/9835"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1007775"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/2594"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/8668"
},
{
"source": "cve@mitre.org",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2003\u0026m=slackware-security.365971"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/9835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1007775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/2594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/8668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2003\u0026m=slackware-security.365971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13269"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-11-17 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5763D60E-A358-4D0A-BD7B-B01CC4CAD7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "5B1309D6-E5D0-41FB-B7E0-2667EE34C796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F6A8F0-396B-4484-9621-70FFC61BF4A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7E2FE284-B564-48C7-9DA4-31A6D9AD3E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F0049681-875E-4876-B2E4-519708F2BBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28E5257A-F5ED-482C-9A0B-3B576513E7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2:*:academ:*:*:*:*:*",
"matchCriteriaId": "833542E5-B4E7-4995-95C9-E012AE13902D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*",
"matchCriteriaId": "C63ACBE3-5BB2-483E-A5FE-87698E98354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*",
"matchCriteriaId": "B39D46C4-B153-4301-AE9C-57FB6BA64CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*",
"matchCriteriaId": "E55582DD-DEF7-4BF8-950C-E7E58BD29DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*",
"matchCriteriaId": "FF9B9132-19A1-4242-A129-E5A49F466EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9E32F3-06CF-482D-8313-3D098CDE8B6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A096214-84AD-44F5-BBEF-F9F17B9B0C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*",
"matchCriteriaId": "4989799F-143A-45E5-A30C-9E3203649770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3D0CC6-D1A0-4784-BE93-319C7EE59134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA32489-F098-43D2-80B7-89CFE0BE9A3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*",
"matchCriteriaId": "91C6388E-464B-4562-BC7B-7B4A66387B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*",
"matchCriteriaId": "923B5711-853D-4A77-8FB3-D5C3D449518D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB1B136-F90E-426B-8010-F2D059E89DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9EFCD7-2A13-420E-B6A0-C1248B2E6E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*",
"matchCriteriaId": "573486C8-0349-4BC9-AD7D-3FBF93DDB6AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD81A30-9C35-4EEA-B6FE-A4AC76893AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "473E71DD-F779-4F93-838A-AD6768BB8DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E9B738-E8DF-4FE7-B4A5-91DE46A9CF8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7196CF2D-8CCC-454A-A2C1-6408A9D636C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D851CEBD-4FE5-46D9-99BD-CA3F3235B2E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd."
},
{
"lang": "es",
"value": "ls en los paquetes fileutils o coreutils permite a usuarios locales consumir una gran cantidad de memoria mediante un valor -w, lo que puede ser explotado remotamente mediante aplicaciones que usan ls, com wu-ftpd."
}
],
"id": "CVE-2003-0854",
"lastModified": "2024-11-20T23:45:40.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-11-17T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/10126"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17069"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"source": "cve@mitre.org",
"url": "http://www.guninski.com/binls.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"source": "cve@mitre.org",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/10126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.guninski.com/binls.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/115"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1997-09-23 04:00
Modified
2024-11-20 23:29
Severity ?
Summary
Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| washington_university | wu-ftpd | 2.4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28E5257A-F5ED-482C-9A0B-3B576513E7D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command."
}
],
"id": "CVE-1999-0955",
"lastModified": "2024-11-20T23:29:56.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1997-09-23T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0955"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| washington_university | wu-ftpd | 2.6.1 | |
| washington_university | wu-ftpd | 2.6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7196CF2D-8CCC-454A-A2C1-6408A9D636C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D851CEBD-4FE5-46D9-99BD-CA3F3235B2E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command."
}
],
"id": "CVE-2005-0256",
"lastModified": "2024-11-20T23:54:44.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63/SCOSA-2005.63.txt"
},
{
"source": "cve@mitre.org",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"source": "cve@mitre.org",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14411"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18210"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19561"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101699-1"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57795-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.idefense.com/application/poi/display?id=207\u0026type=vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/14203"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/0588"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1271"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1265"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1333"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1762"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63/SCOSA-2005.63.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101699-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57795-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.idefense.com/application/poi/display?id=207\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/14203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/0588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1762"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with wu-ftpd, however we were unable to reproduce this issue. Additionally, a code analysis showed that attempts to exploit this issue would be caught in the versions we shipped.\nhttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=149720",
"lastModified": "2006-10-23T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1997-07-01 04:00
Modified
2024-11-20 23:28
Severity ?
Summary
wu-ftpd FTP daemon allows any user and password combination.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| washington_university | wu-ftpd | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0326E91-1E2D-4F29-BFEA-11BE48640AE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "wu-ftpd FTP daemon allows any user and password combination."
}
],
"id": "CVE-1999-0156",
"lastModified": "2024-11-20T23:28:00.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1997-07-01T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0156"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1997-07-04 04:00
Modified
2024-11-20 23:30
Severity ?
Summary
wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| washington_university | wu-ftpd | 2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A86BB4F6-210F-448A-A3CB-127BEB5BD0D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files."
}
],
"id": "CVE-1999-1326",
"lastModified": "2024-11-20T23:30:50.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1997-07-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420401\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420408\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420401\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420408\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7169"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-11-17 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5763D60E-A358-4D0A-BD7B-B01CC4CAD7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "5B1309D6-E5D0-41FB-B7E0-2667EE34C796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F6A8F0-396B-4484-9621-70FFC61BF4A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7E2FE284-B564-48C7-9DA4-31A6D9AD3E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F0049681-875E-4876-B2E4-519708F2BBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28E5257A-F5ED-482C-9A0B-3B576513E7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2:*:academ:*:*:*:*:*",
"matchCriteriaId": "833542E5-B4E7-4995-95C9-E012AE13902D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*",
"matchCriteriaId": "C63ACBE3-5BB2-483E-A5FE-87698E98354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*",
"matchCriteriaId": "B39D46C4-B153-4301-AE9C-57FB6BA64CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*",
"matchCriteriaId": "E55582DD-DEF7-4BF8-950C-E7E58BD29DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*",
"matchCriteriaId": "FF9B9132-19A1-4242-A129-E5A49F466EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9E32F3-06CF-482D-8313-3D098CDE8B6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A096214-84AD-44F5-BBEF-F9F17B9B0C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*",
"matchCriteriaId": "4989799F-143A-45E5-A30C-9E3203649770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3D0CC6-D1A0-4784-BE93-319C7EE59134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA32489-F098-43D2-80B7-89CFE0BE9A3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*",
"matchCriteriaId": "91C6388E-464B-4562-BC7B-7B4A66387B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*",
"matchCriteriaId": "923B5711-853D-4A77-8FB3-D5C3D449518D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB1B136-F90E-426B-8010-F2D059E89DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9EFCD7-2A13-420E-B6A0-C1248B2E6E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*",
"matchCriteriaId": "573486C8-0349-4BC9-AD7D-3FBF93DDB6AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD81A30-9C35-4EEA-B6FE-A4AC76893AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "473E71DD-F779-4F93-838A-AD6768BB8DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E9B738-E8DF-4FE7-B4A5-91DE46A9CF8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7196CF2D-8CCC-454A-A2C1-6408A9D636C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D851CEBD-4FE5-46D9-99BD-CA3F3235B2E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd."
},
{
"lang": "es",
"value": "Un desbordamiento de enteros en ls en los paquetes fileutils o coreutils puede permitir a usuarios locales causar una denegaci\u00f3n de servicio o ejecutar c\u00f3digo arbitrario mediante un valor -w, lo que podr\u00eda ser explotado remotamente mediante aplicaciones que usan ls, como wu-ftpd."
}
],
"id": "CVE-2003-0853",
"lastModified": "2024-11-20T23:45:40.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-11-17T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/10126"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17069"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.guninski.com/binls.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8875"
},
{
"source": "cve@mitre.org",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/10126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.guninski.com/binls.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| washington_university | wu-ftpd | 2.6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D851CEBD-4FE5-46D9-99BD-CA3F3235B2E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ftpd.c in wu-ftpd 2.6.2, when running on \"operating systems that only allow one non-connected socket bound to the same local address,\" does not close failed connections, which allows remote attackers to cause a denial of service."
}
],
"id": "CVE-2003-1329",
"lastModified": "2024-11-20T23:46:53.183",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/34670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/34670"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-07-07 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | ftpd | 5.51 | |
| openbsd | ftpd | 5.60 | |
| washington_university | wu-ftpd | 2.4.2_beta1 | |
| washington_university | wu-ftpd | 2.4.2_beta18 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr4 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr5 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr6 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr7 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr8 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr9 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr10 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr11 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr12 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr13 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr14 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr15 | |
| washington_university | wu-ftpd | 2.4.2_vr16 | |
| washington_university | wu-ftpd | 2.4.2_vr17 | |
| washington_university | wu-ftpd | 2.5 | |
| washington_university | wu-ftpd | 2.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:ftpd:5.51:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F2A623-1D9D-4656-9D09-07CA0BFBBBB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:ftpd:5.60:*:*:*:*:*:*:*",
"matchCriteriaId": "797AE65F-8A84-4211-9FB4-42D098F31D32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta1:*:academ:*:*:*:*:*",
"matchCriteriaId": "7BFD083F-3B2C-4343-950F-3062670AB73B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*",
"matchCriteriaId": "C63ACBE3-5BB2-483E-A5FE-87698E98354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*",
"matchCriteriaId": "B39D46C4-B153-4301-AE9C-57FB6BA64CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*",
"matchCriteriaId": "E55582DD-DEF7-4BF8-950C-E7E58BD29DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*",
"matchCriteriaId": "FF9B9132-19A1-4242-A129-E5A49F466EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9E32F3-06CF-482D-8313-3D098CDE8B6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A096214-84AD-44F5-BBEF-F9F17B9B0C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*",
"matchCriteriaId": "4989799F-143A-45E5-A30C-9E3203649770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3D0CC6-D1A0-4784-BE93-319C7EE59134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA32489-F098-43D2-80B7-89CFE0BE9A3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*",
"matchCriteriaId": "91C6388E-464B-4562-BC7B-7B4A66387B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*",
"matchCriteriaId": "923B5711-853D-4A77-8FB3-D5C3D449518D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB1B136-F90E-426B-8010-F2D059E89DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9EFCD7-2A13-420E-B6A0-C1248B2E6E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*",
"matchCriteriaId": "573486C8-0349-4BC9-AD7D-3FBF93DDB6AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD81A30-9C35-4EEA-B6FE-A4AC76893AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFFA39F-9072-4F19-A695-F383EA61D55D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5D6359-4E6D-4563-8251-F1719D45E20E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands."
}
],
"id": "CVE-2000-0574",
"lastModified": "2024-11-20T23:32:48.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-07-07T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-009.txt.asc"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0031.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0061.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0121.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-13.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/1425"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/1438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-009.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-13.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/1425"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/1438"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1996-10-16 04:00
Modified
2024-11-20 23:27
Severity ?
Summary
PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| washington_university | wu-ftpd | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0326E91-1E2D-4F29-BFEA-11BE48640AE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password."
}
],
"id": "CVE-1999-0075",
"lastModified": "2024-11-20T23:27:47.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1996-10-16T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5742"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1997-12-10 05:00
Modified
2024-11-20 23:27
Severity ?
Summary
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | inet | 5.01 | |
| gnu | inet | 6.01 | |
| gnu | inet | 6.02 | |
| washington_university | wu-ftpd | 2.4 | |
| caldera | openlinux | 1.2 | |
| freebsd | freebsd | 1.0 | |
| freebsd | freebsd | 1.1 | |
| freebsd | freebsd | 1.2 | |
| freebsd | freebsd | 2.0 | |
| freebsd | freebsd | 2.1.0 | |
| freebsd | freebsd | 2.1.7 | |
| ibm | aix | 3.2 | |
| ibm | aix | 4.1 | |
| ibm | aix | 4.2 | |
| ibm | aix | 4.3 | |
| netbsd | netbsd | 1.0 | |
| netbsd | netbsd | 1.1 | |
| netbsd | netbsd | 1.2 | |
| netbsd | netbsd | 1.2.1 | |
| sco | open_desktop | 3.0 | |
| sco | openserver | 5.0.4 | |
| sco | unixware | 2.1 | |
| siemens | reliant_unix | * | |
| sun | sunos | 4.1.3u1 | |
| sun | sunos | 4.1.4 | |
| sun | sunos | 5.3 | |
| sun | sunos | 5.4 | |
| sun | sunos | 5.4 | |
| sun | sunos | 5.5 | |
| sun | sunos | 5.5 | |
| sun | sunos | 5.5.1 | |
| sun | sunos | 5.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:inet:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "679EB37A-DC20-4EB0-BF1E-664BF53AC054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:inet:6.01:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF8F484-F5AA-4834-B976-764B2488F377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:inet:6.02:*:*:*:*:*:*:*",
"matchCriteriaId": "C692D0C5-BCF4-4C68-B7DF-EDCE4A55F1B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A86BB4F6-210F-448A-A3CB-127BEB5BD0D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:caldera:openlinux:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C77FA7-C977-4223-B6AC-91B82C45129C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44EFD22E-02C9-4B80-8934-A9AC8DD858CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1B4D4A5-25EB-48FE-BDFD-A274CE802648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A037F1-98AD-47CC-8D83-B42666E1B61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F098C1-D09E-49B4-9B51-E84B6C4EA6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "27C9E23D-AB82-4AE1-873E-C5493BB96AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF4F7002-A525-4A66-BE8B-E50ABBF144B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:aix:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD5E0678-45C7-492A-963C-897494D6878F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:aix:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF25306-E7C2-4F9A-A809-4779A6C0A079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:aix:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05F20EC2-ADE6-4F96-A2E7-1DCCA819D657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:aix:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "11ACD012-F05F-45CD-A170-96CBAA42FFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9DF613C9-DC4A-45F0-BEE1-8450762B0089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "441CEF2E-9687-4930-8536-B8B83018BD28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55DD3C82-0B7D-4B25-B603-AD6C6D59239A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC7A39CD-C4B2-4FD9-A450-E5C7A5480174",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:open_desktop:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD2701A-E930-4F4D-85F7-02F80135E34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:openserver:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "035FBF8B-EB91-4211-9979-8A9E913A54A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:unixware:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "168248AC-E4F6-4C8F-9A21-0E6ABE029DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:reliant_unix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A2C5456-FF11-403E-B67E-5961278D812A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:4.1.3u1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD1BA107-F2D3-4F13-82EC-4576C429E3C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1070749A-65E9-439A-A7CC-3CE529A5D5E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C7A22D21-E0A9-4B56-86C7-805AD1A610D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7AAC8954-74A8-4FE3-ABE7-57DA041D9D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.4:*:x86:*:*:*:*:*",
"matchCriteriaId": "D1DEB967-BD3E-4CCF-B53F-3927454FA689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5B72953B-E873-4E44-A3CF-12D770A0D416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.5:*:x86:*:*:*:*:*",
"matchCriteriaId": "1C89DF53-2038-487A-A08F-8D705B7BFB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39F847DB-65A9-47DA-BCFA-A179E5E2301A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.5.1:*:x86:*:*:*:*:*",
"matchCriteriaId": "C82E90A7-C5D7-4DFC-8FF5-4EFAF30C790B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce."
}
],
"id": "CVE-1999-0017",
"lastModified": "2024-11-20T23:27:37.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1997-12-10T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0017"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}