Search criteria
65 vulnerabilities found for wu-ftpd by washington_university
CVE-2003-1329 (GCVE-0-2003-1329)
Vulnerability from cvelistv5 – Published: 2007-05-21 20:00 – Updated: 2024-09-16 23:55
VLAI?
Summary
ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:02.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34670",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/34670"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ftpd.c in wu-ftpd 2.6.2, when running on \"operating systems that only allow one non-connected socket bound to the same local address,\" does not close failed connections, which allows remote attackers to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-05-21T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34670",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/34670"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ftpd.c in wu-ftpd 2.6.2, when running on \"operating systems that only allow one non-connected socket bound to the same local address,\" does not close failed connections, which allows remote attackers to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34670",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34670"
},
{
"name": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch",
"refsource": "CONFIRM",
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1329",
"datePublished": "2007-05-21T20:00:00Z",
"dateReserved": "2007-05-21T00:00:00Z",
"dateUpdated": "2024-09-16T23:55:39.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1327 (GCVE-0-2003-1327)
Vulnerability from cvelistv5 – Published: 2007-05-15 10:00 – Updated: 2024-08-08 02:28
VLAI?
Summary
Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:01.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "wuftp-mailadmin-sockprintf-bo(13269)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13269"
},
{
"name": "SSA:2003-259-03",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2003\u0026m=slackware-security.365971"
},
{
"name": "1007775",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1007775"
},
{
"name": "8668",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8668"
},
{
"name": "9835",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9835"
},
{
"name": "2594",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/2594"
},
{
"name": "20030922 Wu_ftpd all versions (not) vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "wuftp-mailadmin-sockprintf-bo(13269)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13269"
},
{
"name": "SSA:2003-259-03",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2003\u0026m=slackware-security.365971"
},
{
"name": "1007775",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1007775"
},
{
"name": "8668",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8668"
},
{
"name": "9835",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9835"
},
{
"name": "2594",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/2594"
},
{
"name": "20030922 Wu_ftpd all versions (not) vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wuftp-mailadmin-sockprintf-bo(13269)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13269"
},
{
"name": "SSA:2003-259-03",
"refsource": "SLACKWARE",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2003\u0026m=slackware-security.365971"
},
{
"name": "1007775",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1007775"
},
{
"name": "8668",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8668"
},
{
"name": "9835",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9835"
},
{
"name": "2594",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2594"
},
{
"name": "20030922 Wu_ftpd all versions (not) vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1327",
"datePublished": "2007-05-15T10:00:00",
"dateReserved": "2007-05-14T00:00:00",
"dateUpdated": "2024-08-08T02:28:01.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0256 (GCVE-0-2005-0256)
Vulnerability from cvelistv5 – Published: 2005-02-25 05:00 – Updated: 2024-08-07 21:05
VLAI?
Summary
The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-705",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "18210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18210"
},
{
"name": "oval:org.mitre.oval:def:1762",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1762"
},
{
"name": "ADV-2006-1271",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1271"
},
{
"name": "ADV-2005-0588",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0588"
},
{
"name": "57795",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57795-1"
},
{
"name": "14411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14411"
},
{
"name": "oval:org.mitre.oval:def:1265",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1265"
},
{
"name": "HPSBUX02110",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"name": "101699",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101699-1"
},
{
"name": "SCOSA-2005.63",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63/SCOSA-2005.63.txt"
},
{
"name": "19561",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19561"
},
{
"name": "SSRT061110",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"name": "20050225 WU-FTPD File Globbing Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=207\u0026type=vulnerabilities"
},
{
"name": "oval:org.mitre.oval:def:1333",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1333"
},
{
"name": "14203",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/14203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-705",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "18210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18210"
},
{
"name": "oval:org.mitre.oval:def:1762",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1762"
},
{
"name": "ADV-2006-1271",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1271"
},
{
"name": "ADV-2005-0588",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0588"
},
{
"name": "57795",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57795-1"
},
{
"name": "14411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14411"
},
{
"name": "oval:org.mitre.oval:def:1265",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1265"
},
{
"name": "HPSBUX02110",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"name": "101699",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101699-1"
},
{
"name": "SCOSA-2005.63",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63/SCOSA-2005.63.txt"
},
{
"name": "19561",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19561"
},
{
"name": "SSRT061110",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"name": "20050225 WU-FTPD File Globbing Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=207\u0026type=vulnerabilities"
},
{
"name": "oval:org.mitre.oval:def:1333",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1333"
},
{
"name": "14203",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/14203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-705",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "18210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18210"
},
{
"name": "oval:org.mitre.oval:def:1762",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1762"
},
{
"name": "ADV-2006-1271",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1271"
},
{
"name": "ADV-2005-0588",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0588"
},
{
"name": "57795",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57795-1"
},
{
"name": "14411",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14411"
},
{
"name": "oval:org.mitre.oval:def:1265",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1265"
},
{
"name": "HPSBUX02110",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"name": "101699",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101699-1"
},
{
"name": "SCOSA-2005.63",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63/SCOSA-2005.63.txt"
},
{
"name": "19561",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19561"
},
{
"name": "SSRT061110",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"name": "20050225 WU-FTPD File Globbing Denial of Service Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=207\u0026type=vulnerabilities"
},
{
"name": "oval:org.mitre.oval:def:1333",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1333"
},
{
"name": "14203",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0256",
"datePublished": "2005-02-25T05:00:00",
"dateReserved": "2005-02-09T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0148 (GCVE-0-2004-0148)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 00:10
VLAI?
Summary
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "wuftpd-restrictedgid-gain-access(15423)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15423"
},
{
"name": "oval:org.mitre.oval:def:1637",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637"
},
{
"name": "102356",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1"
},
{
"name": "DSA-457",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"name": "oval:org.mitre.oval:def:1147",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147"
},
{
"name": "11055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11055"
},
{
"name": "20168",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20168"
},
{
"name": "SSRT4704",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108999466902690\u0026w=2"
},
{
"name": "9832",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9832"
},
{
"name": "oval:org.mitre.oval:def:648",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648"
},
{
"name": "RHSA-2004:096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
},
{
"name": "oval:org.mitre.oval:def:1636",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636"
},
{
"name": "ADV-2006-1867",
"tags": [
"third-party-advisory",
"x_refsource_FRSIRT",
"x_transferred"
],
"url": "http://www.frsirt.com/english/advisories/2006/1867"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-05-22T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "wuftpd-restrictedgid-gain-access(15423)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15423"
},
{
"name": "oval:org.mitre.oval:def:1637",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637"
},
{
"name": "102356",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1"
},
{
"name": "DSA-457",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"name": "oval:org.mitre.oval:def:1147",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147"
},
{
"name": "11055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11055"
},
{
"name": "20168",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20168"
},
{
"name": "SSRT4704",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108999466902690\u0026w=2"
},
{
"name": "9832",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9832"
},
{
"name": "oval:org.mitre.oval:def:648",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648"
},
{
"name": "RHSA-2004:096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
},
{
"name": "oval:org.mitre.oval:def:1636",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636"
},
{
"name": "ADV-2006-1867",
"tags": [
"third-party-advisory",
"x_refsource_FRSIRT"
],
"url": "http://www.frsirt.com/english/advisories/2006/1867"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wuftpd-restrictedgid-gain-access(15423)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15423"
},
{
"name": "oval:org.mitre.oval:def:1637",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637"
},
{
"name": "102356",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1"
},
{
"name": "DSA-457",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"name": "oval:org.mitre.oval:def:1147",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147"
},
{
"name": "11055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11055"
},
{
"name": "20168",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20168"
},
{
"name": "SSRT4704",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=108999466902690\u0026w=2"
},
{
"name": "9832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9832"
},
{
"name": "oval:org.mitre.oval:def:648",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648"
},
{
"name": "RHSA-2004:096",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
},
{
"name": "oval:org.mitre.oval:def:1636",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636"
},
{
"name": "ADV-2006-1867",
"refsource": "FRSIRT",
"url": "http://www.frsirt.com/english/advisories/2006/1867"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0148",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0185 (GCVE-0-2004-0185)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 00:10
VLAI?
Summary
Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch"
},
{
"name": "8893",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8893"
},
{
"name": "DSA-457",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"name": "wuftpd-skey-bo(13518)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13518"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/unixfocus/6X00Q1P8KC.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt"
},
{
"name": "RHSA-2004:096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch"
},
{
"name": "8893",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8893"
},
{
"name": "DSA-457",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"name": "wuftpd-skey-bo(13518)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13518"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/unixfocus/6X00Q1P8KC.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt"
},
{
"name": "RHSA-2004:096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch",
"refsource": "CONFIRM",
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch"
},
{
"name": "8893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8893"
},
{
"name": "DSA-457",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"name": "wuftpd-skey-bo(13518)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13518"
},
{
"name": "http://www.securiteam.com/unixfocus/6X00Q1P8KC.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/6X00Q1P8KC.html"
},
{
"name": "http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt",
"refsource": "MISC",
"url": "http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt"
},
{
"name": "RHSA-2004:096",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0185",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-03-02T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0853 (GCVE-0-2003-0853)
Vulnerability from cvelistv5 – Published: 2003-10-25 04:00 – Updated: 2024-08-08 02:05
VLAI?
Summary
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2003:771",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "CLA-2003:768",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "8875",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8875"
},
{
"name": "IMNX-2003-7+-026-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17069"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-10-28T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2003:771",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "CLA-2003:768",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "8875",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8875"
},
{
"name": "IMNX-2003-7+-026-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17069"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2003:771",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "CLA-2003:768",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "8875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8875"
},
{
"name": "IMNX-2003-7+-026-01",
"refsource": "IMMUNIX",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17069"
},
{
"name": "http://www.guninski.com/binls.html",
"refsource": "MISC",
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0853",
"datePublished": "2003-10-25T04:00:00",
"dateReserved": "2003-10-10T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0854 (GCVE-0-2003-0854)
Vulnerability from cvelistv5 – Published: 2003-10-25 04:00 – Updated: 2024-08-08 02:05
VLAI?
Summary
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-705",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "CLA-2003:771",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "115",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/115"
},
{
"name": "CLA-2003:768",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "IMNX-2003-7+-026-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17069"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-705",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "CLA-2003:771",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "115",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/115"
},
{
"name": "CLA-2003:768",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "IMNX-2003-7+-026-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17069"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-705",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "CLA-2003:771",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "115",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/115"
},
{
"name": "CLA-2003:768",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "IMNX-2003-7+-026-01",
"refsource": "IMMUNIX",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17069"
},
{
"name": "http://www.guninski.com/binls.html",
"refsource": "MISC",
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0854",
"datePublished": "2003-10-25T04:00:00",
"dateReserved": "2003-10-10T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0466 (GCVE-0-2003-0466)
Vulnerability from cvelistv5 – Published: 2003-08-01 04:00 – Updated: 2024-08-08 01:58
VLAI?
Summary
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:10.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030804 Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106002488209129\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt"
},
{
"name": "9446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9446"
},
{
"name": "6602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6602"
},
{
"name": "oval:org.mitre.oval:def:1970",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1970"
},
{
"name": "20060213 Latest wu-ftpd exploit :-s",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/424852/100/0/threaded"
},
{
"name": "8315",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8315"
},
{
"name": "9423",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9423"
},
{
"name": "20030731 wu-ftpd fb_realpath() off-by-one bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105967301604815\u0026w=2"
},
{
"name": "20030731 wu-ftpd fb_realpath() off-by-one bug",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html"
},
{
"name": "IMNX-2003-7+-019-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01"
},
{
"name": "RHSA-2003:246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-246.html"
},
{
"name": "20060214 Re: Latest wu-ftpd exploit :-s",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425061/100/0/threaded"
},
{
"name": "VU#743092",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/743092"
},
{
"name": "RHSA-2003:245",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-245.html"
},
{
"name": "SuSE-SA:2003:032",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html"
},
{
"name": "1001257",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1"
},
{
"name": "DSA-357",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-357"
},
{
"name": "20030804 wu-ftpd-2.6.2 off-by-one remote exploit.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106001702232325\u0026w=2"
},
{
"name": "1007380",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1007380"
},
{
"name": "MDKSA-2003:080",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:080"
},
{
"name": "libc-realpath-offbyone-bo(12785)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12785"
},
{
"name": "FreeBSD-SA-03:08",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106001410028809\u0026w=2"
},
{
"name": "TLSA-2003-46",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-46.txt"
},
{
"name": "NetBSD-SA2003-011.txt.asc",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc"
},
{
"name": "9535",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9535"
},
{
"name": "9447",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9447"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030804 Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106002488209129\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt"
},
{
"name": "9446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9446"
},
{
"name": "6602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6602"
},
{
"name": "oval:org.mitre.oval:def:1970",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1970"
},
{
"name": "20060213 Latest wu-ftpd exploit :-s",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/424852/100/0/threaded"
},
{
"name": "8315",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8315"
},
{
"name": "9423",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9423"
},
{
"name": "20030731 wu-ftpd fb_realpath() off-by-one bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105967301604815\u0026w=2"
},
{
"name": "20030731 wu-ftpd fb_realpath() off-by-one bug",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html"
},
{
"name": "IMNX-2003-7+-019-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01"
},
{
"name": "RHSA-2003:246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-246.html"
},
{
"name": "20060214 Re: Latest wu-ftpd exploit :-s",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425061/100/0/threaded"
},
{
"name": "VU#743092",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/743092"
},
{
"name": "RHSA-2003:245",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-245.html"
},
{
"name": "SuSE-SA:2003:032",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html"
},
{
"name": "1001257",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1"
},
{
"name": "DSA-357",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-357"
},
{
"name": "20030804 wu-ftpd-2.6.2 off-by-one remote exploit.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106001702232325\u0026w=2"
},
{
"name": "1007380",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1007380"
},
{
"name": "MDKSA-2003:080",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:080"
},
{
"name": "libc-realpath-offbyone-bo(12785)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12785"
},
{
"name": "FreeBSD-SA-03:08",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106001410028809\u0026w=2"
},
{
"name": "TLSA-2003-46",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-46.txt"
},
{
"name": "NetBSD-SA2003-011.txt.asc",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc"
},
{
"name": "9535",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9535"
},
{
"name": "9447",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9447"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030804 Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106002488209129\u0026w=2"
},
{
"name": "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt",
"refsource": "MISC",
"url": "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt"
},
{
"name": "9446",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9446"
},
{
"name": "6602",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6602"
},
{
"name": "oval:org.mitre.oval:def:1970",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1970"
},
{
"name": "20060213 Latest wu-ftpd exploit :-s",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424852/100/0/threaded"
},
{
"name": "8315",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8315"
},
{
"name": "9423",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9423"
},
{
"name": "20030731 wu-ftpd fb_realpath() off-by-one bug",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105967301604815\u0026w=2"
},
{
"name": "20030731 wu-ftpd fb_realpath() off-by-one bug",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html"
},
{
"name": "IMNX-2003-7+-019-01",
"refsource": "IMMUNIX",
"url": "http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01"
},
{
"name": "RHSA-2003:246",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-246.html"
},
{
"name": "20060214 Re: Latest wu-ftpd exploit :-s",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425061/100/0/threaded"
},
{
"name": "VU#743092",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/743092"
},
{
"name": "RHSA-2003:245",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-245.html"
},
{
"name": "SuSE-SA:2003:032",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html"
},
{
"name": "1001257",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1"
},
{
"name": "DSA-357",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-357"
},
{
"name": "20030804 wu-ftpd-2.6.2 off-by-one remote exploit.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106001702232325\u0026w=2"
},
{
"name": "1007380",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1007380"
},
{
"name": "MDKSA-2003:080",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:080"
},
{
"name": "libc-realpath-offbyone-bo(12785)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12785"
},
{
"name": "FreeBSD-SA-03:08",
"refsource": "FREEBSD",
"url": "http://marc.info/?l=bugtraq\u0026m=106001410028809\u0026w=2"
},
{
"name": "TLSA-2003-46",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/TLSA-2003-46.txt"
},
{
"name": "NetBSD-SA2003-011.txt.asc",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc"
},
{
"name": "9535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9535"
},
{
"name": "9447",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9447"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0466",
"datePublished": "2003-08-01T04:00:00",
"dateReserved": "2003-06-26T00:00:00",
"dateUpdated": "2024-08-08T01:58:10.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0550 (GCVE-0-2001-0550)
Vulnerability from cvelistv5 – Published: 2002-06-25 04:00 – Updated: 2024-08-08 04:21
VLAI?
Summary
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SuSE-SA:2001:043",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
},
{
"name": "20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2"
},
{
"name": "CA-2001-33",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2001-33.html"
},
{
"name": "wuftp-glob-heap-corruption(7611)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7611"
},
{
"name": "MDKSA-2001:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3"
},
{
"name": "CLA-2001:442",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442"
},
{
"name": "HPSBUX0107-162",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162"
},
{
"name": "20010430 some ftpd implementations mishandle CWD ~{",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/82/180823"
},
{
"name": "CSSA-2001-041.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt"
},
{
"name": "DSA-087",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2001/dsa-087"
},
{
"name": "IMNX-2001-70-036-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01"
},
{
"name": "RHSA-2001:157",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-157.html"
},
{
"name": "VU#886083",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/886083"
},
{
"name": "3581",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a \"~{\" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-16T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SuSE-SA:2001:043",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
},
{
"name": "20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2"
},
{
"name": "CA-2001-33",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2001-33.html"
},
{
"name": "wuftp-glob-heap-corruption(7611)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7611"
},
{
"name": "MDKSA-2001:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3"
},
{
"name": "CLA-2001:442",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442"
},
{
"name": "HPSBUX0107-162",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162"
},
{
"name": "20010430 some ftpd implementations mishandle CWD ~{",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV"
],
"url": "http://www.securityfocus.com/archive/82/180823"
},
{
"name": "CSSA-2001-041.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt"
},
{
"name": "DSA-087",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2001/dsa-087"
},
{
"name": "IMNX-2001-70-036-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01"
},
{
"name": "RHSA-2001:157",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-157.html"
},
{
"name": "VU#886083",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/886083"
},
{
"name": "3581",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3581"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a \"~{\" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SuSE-SA:2001:043",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
},
{
"name": "20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2"
},
{
"name": "CA-2001-33",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2001-33.html"
},
{
"name": "wuftp-glob-heap-corruption(7611)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7611"
},
{
"name": "MDKSA-2001:090",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3"
},
{
"name": "CLA-2001:442",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442"
},
{
"name": "HPSBUX0107-162",
"refsource": "HP",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162"
},
{
"name": "20010430 some ftpd implementations mishandle CWD ~{",
"refsource": "VULN-DEV",
"url": "http://www.securityfocus.com/archive/82/180823"
},
{
"name": "CSSA-2001-041.0",
"refsource": "CALDERA",
"url": "http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt"
},
{
"name": "DSA-087",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-087"
},
{
"name": "IMNX-2001-70-036-01",
"refsource": "IMMUNIX",
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01"
},
{
"name": "RHSA-2001:157",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-157.html"
},
{
"name": "VU#886083",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/886083"
},
{
"name": "3581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3581"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0550",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2001-07-18T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1326 (GCVE-0-1999-1326)
Vulnerability from cvelistv5 – Published: 2002-03-09 05:00 – Updated: 2024-08-01 17:11
VLAI?
Summary
wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:11:02.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "wuftpd-abor-gain-privileges(7169)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7169"
},
{
"name": "19970105 BoS: serious security bug in wu-ftpd v2.4 -- PATCH",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420408\u0026w=2"
},
{
"name": "19970104 serious security bug in wu-ftpd v2.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420401\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1997-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "wuftpd-abor-gain-privileges(7169)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7169"
},
{
"name": "19970105 BoS: serious security bug in wu-ftpd v2.4 -- PATCH",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420408\u0026w=2"
},
{
"name": "19970104 serious security bug in wu-ftpd v2.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420401\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wuftpd-abor-gain-privileges(7169)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7169"
},
{
"name": "19970105 BoS: serious security bug in wu-ftpd v2.4 -- PATCH",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420408\u0026w=2"
},
{
"name": "19970104 serious security bug in wu-ftpd v2.4",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420401\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1326",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-08-31T00:00:00",
"dateUpdated": "2024-08-01T17:11:02.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0935 (GCVE-0-2001-0935)
Vulnerability from cvelistv5 – Published: 2002-02-02 05:00 – Updated: 2024-08-08 04:37
VLAI?
Summary
Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:07.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SuSE-SA:2001:043",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-06T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SuSE-SA:2001:043",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SuSE-SA:2001:043",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0935",
"datePublished": "2002-02-02T05:00:00",
"dateReserved": "2002-01-31T00:00:00",
"dateUpdated": "2024-08-08T04:37:07.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1329 (GCVE-0-2003-1329)
Vulnerability from nvd – Published: 2007-05-21 20:00 – Updated: 2024-09-16 23:55
VLAI?
Summary
ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:02.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34670",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/34670"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ftpd.c in wu-ftpd 2.6.2, when running on \"operating systems that only allow one non-connected socket bound to the same local address,\" does not close failed connections, which allows remote attackers to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-05-21T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34670",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/34670"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ftpd.c in wu-ftpd 2.6.2, when running on \"operating systems that only allow one non-connected socket bound to the same local address,\" does not close failed connections, which allows remote attackers to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34670",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34670"
},
{
"name": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch",
"refsource": "CONFIRM",
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1329",
"datePublished": "2007-05-21T20:00:00Z",
"dateReserved": "2007-05-21T00:00:00Z",
"dateUpdated": "2024-09-16T23:55:39.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1327 (GCVE-0-2003-1327)
Vulnerability from nvd – Published: 2007-05-15 10:00 – Updated: 2024-08-08 02:28
VLAI?
Summary
Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:01.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "wuftp-mailadmin-sockprintf-bo(13269)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13269"
},
{
"name": "SSA:2003-259-03",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2003\u0026m=slackware-security.365971"
},
{
"name": "1007775",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1007775"
},
{
"name": "8668",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8668"
},
{
"name": "9835",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9835"
},
{
"name": "2594",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/2594"
},
{
"name": "20030922 Wu_ftpd all versions (not) vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "wuftp-mailadmin-sockprintf-bo(13269)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13269"
},
{
"name": "SSA:2003-259-03",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2003\u0026m=slackware-security.365971"
},
{
"name": "1007775",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1007775"
},
{
"name": "8668",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8668"
},
{
"name": "9835",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9835"
},
{
"name": "2594",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/2594"
},
{
"name": "20030922 Wu_ftpd all versions (not) vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wuftp-mailadmin-sockprintf-bo(13269)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13269"
},
{
"name": "SSA:2003-259-03",
"refsource": "SLACKWARE",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2003\u0026m=slackware-security.365971"
},
{
"name": "1007775",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1007775"
},
{
"name": "8668",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8668"
},
{
"name": "9835",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9835"
},
{
"name": "2594",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2594"
},
{
"name": "20030922 Wu_ftpd all versions (not) vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1327",
"datePublished": "2007-05-15T10:00:00",
"dateReserved": "2007-05-14T00:00:00",
"dateUpdated": "2024-08-08T02:28:01.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0256 (GCVE-0-2005-0256)
Vulnerability from nvd – Published: 2005-02-25 05:00 – Updated: 2024-08-07 21:05
VLAI?
Summary
The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-705",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "18210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18210"
},
{
"name": "oval:org.mitre.oval:def:1762",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1762"
},
{
"name": "ADV-2006-1271",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1271"
},
{
"name": "ADV-2005-0588",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0588"
},
{
"name": "57795",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57795-1"
},
{
"name": "14411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14411"
},
{
"name": "oval:org.mitre.oval:def:1265",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1265"
},
{
"name": "HPSBUX02110",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"name": "101699",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101699-1"
},
{
"name": "SCOSA-2005.63",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63/SCOSA-2005.63.txt"
},
{
"name": "19561",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19561"
},
{
"name": "SSRT061110",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"name": "20050225 WU-FTPD File Globbing Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=207\u0026type=vulnerabilities"
},
{
"name": "oval:org.mitre.oval:def:1333",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1333"
},
{
"name": "14203",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/14203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-705",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "18210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18210"
},
{
"name": "oval:org.mitre.oval:def:1762",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1762"
},
{
"name": "ADV-2006-1271",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1271"
},
{
"name": "ADV-2005-0588",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0588"
},
{
"name": "57795",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57795-1"
},
{
"name": "14411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14411"
},
{
"name": "oval:org.mitre.oval:def:1265",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1265"
},
{
"name": "HPSBUX02110",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"name": "101699",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101699-1"
},
{
"name": "SCOSA-2005.63",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63/SCOSA-2005.63.txt"
},
{
"name": "19561",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19561"
},
{
"name": "SSRT061110",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"name": "20050225 WU-FTPD File Globbing Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=207\u0026type=vulnerabilities"
},
{
"name": "oval:org.mitre.oval:def:1333",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1333"
},
{
"name": "14203",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/14203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-705",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "18210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18210"
},
{
"name": "oval:org.mitre.oval:def:1762",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1762"
},
{
"name": "ADV-2006-1271",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1271"
},
{
"name": "ADV-2005-0588",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0588"
},
{
"name": "57795",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57795-1"
},
{
"name": "14411",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14411"
},
{
"name": "oval:org.mitre.oval:def:1265",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1265"
},
{
"name": "HPSBUX02110",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"name": "101699",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101699-1"
},
{
"name": "SCOSA-2005.63",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63/SCOSA-2005.63.txt"
},
{
"name": "19561",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19561"
},
{
"name": "SSRT061110",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"name": "20050225 WU-FTPD File Globbing Denial of Service Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=207\u0026type=vulnerabilities"
},
{
"name": "oval:org.mitre.oval:def:1333",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1333"
},
{
"name": "14203",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0256",
"datePublished": "2005-02-25T05:00:00",
"dateReserved": "2005-02-09T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0148 (GCVE-0-2004-0148)
Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 00:10
VLAI?
Summary
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "wuftpd-restrictedgid-gain-access(15423)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15423"
},
{
"name": "oval:org.mitre.oval:def:1637",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637"
},
{
"name": "102356",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1"
},
{
"name": "DSA-457",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"name": "oval:org.mitre.oval:def:1147",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147"
},
{
"name": "11055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11055"
},
{
"name": "20168",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20168"
},
{
"name": "SSRT4704",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108999466902690\u0026w=2"
},
{
"name": "9832",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9832"
},
{
"name": "oval:org.mitre.oval:def:648",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648"
},
{
"name": "RHSA-2004:096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
},
{
"name": "oval:org.mitre.oval:def:1636",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636"
},
{
"name": "ADV-2006-1867",
"tags": [
"third-party-advisory",
"x_refsource_FRSIRT",
"x_transferred"
],
"url": "http://www.frsirt.com/english/advisories/2006/1867"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-05-22T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "wuftpd-restrictedgid-gain-access(15423)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15423"
},
{
"name": "oval:org.mitre.oval:def:1637",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637"
},
{
"name": "102356",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1"
},
{
"name": "DSA-457",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"name": "oval:org.mitre.oval:def:1147",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147"
},
{
"name": "11055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11055"
},
{
"name": "20168",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20168"
},
{
"name": "SSRT4704",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108999466902690\u0026w=2"
},
{
"name": "9832",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9832"
},
{
"name": "oval:org.mitre.oval:def:648",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648"
},
{
"name": "RHSA-2004:096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
},
{
"name": "oval:org.mitre.oval:def:1636",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636"
},
{
"name": "ADV-2006-1867",
"tags": [
"third-party-advisory",
"x_refsource_FRSIRT"
],
"url": "http://www.frsirt.com/english/advisories/2006/1867"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wuftpd-restrictedgid-gain-access(15423)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15423"
},
{
"name": "oval:org.mitre.oval:def:1637",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637"
},
{
"name": "102356",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1"
},
{
"name": "DSA-457",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"name": "oval:org.mitre.oval:def:1147",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147"
},
{
"name": "11055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11055"
},
{
"name": "20168",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20168"
},
{
"name": "SSRT4704",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=108999466902690\u0026w=2"
},
{
"name": "9832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9832"
},
{
"name": "oval:org.mitre.oval:def:648",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648"
},
{
"name": "RHSA-2004:096",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
},
{
"name": "oval:org.mitre.oval:def:1636",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636"
},
{
"name": "ADV-2006-1867",
"refsource": "FRSIRT",
"url": "http://www.frsirt.com/english/advisories/2006/1867"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0148",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0185 (GCVE-0-2004-0185)
Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 00:10
VLAI?
Summary
Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch"
},
{
"name": "8893",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8893"
},
{
"name": "DSA-457",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"name": "wuftpd-skey-bo(13518)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13518"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/unixfocus/6X00Q1P8KC.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt"
},
{
"name": "RHSA-2004:096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch"
},
{
"name": "8893",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8893"
},
{
"name": "DSA-457",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"name": "wuftpd-skey-bo(13518)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13518"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/unixfocus/6X00Q1P8KC.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt"
},
{
"name": "RHSA-2004:096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch",
"refsource": "CONFIRM",
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch"
},
{
"name": "8893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8893"
},
{
"name": "DSA-457",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"name": "wuftpd-skey-bo(13518)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13518"
},
{
"name": "http://www.securiteam.com/unixfocus/6X00Q1P8KC.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/6X00Q1P8KC.html"
},
{
"name": "http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt",
"refsource": "MISC",
"url": "http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt"
},
{
"name": "RHSA-2004:096",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0185",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-03-02T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0853 (GCVE-0-2003-0853)
Vulnerability from nvd – Published: 2003-10-25 04:00 – Updated: 2024-08-08 02:05
VLAI?
Summary
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2003:771",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "CLA-2003:768",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "8875",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8875"
},
{
"name": "IMNX-2003-7+-026-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17069"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-10-28T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2003:771",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "CLA-2003:768",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "8875",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8875"
},
{
"name": "IMNX-2003-7+-026-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17069"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2003:771",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "CLA-2003:768",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "8875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8875"
},
{
"name": "IMNX-2003-7+-026-01",
"refsource": "IMMUNIX",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17069"
},
{
"name": "http://www.guninski.com/binls.html",
"refsource": "MISC",
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0853",
"datePublished": "2003-10-25T04:00:00",
"dateReserved": "2003-10-10T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0854 (GCVE-0-2003-0854)
Vulnerability from nvd – Published: 2003-10-25 04:00 – Updated: 2024-08-08 02:05
VLAI?
Summary
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-705",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "CLA-2003:771",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "115",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/115"
},
{
"name": "CLA-2003:768",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "IMNX-2003-7+-026-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17069"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-705",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "CLA-2003:771",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "115",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/115"
},
{
"name": "CLA-2003:768",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "IMNX-2003-7+-026-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17069"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-705",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "CLA-2003:771",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "115",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/115"
},
{
"name": "CLA-2003:768",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "IMNX-2003-7+-026-01",
"refsource": "IMMUNIX",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17069"
},
{
"name": "http://www.guninski.com/binls.html",
"refsource": "MISC",
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0854",
"datePublished": "2003-10-25T04:00:00",
"dateReserved": "2003-10-10T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0466 (GCVE-0-2003-0466)
Vulnerability from nvd – Published: 2003-08-01 04:00 – Updated: 2024-08-08 01:58
VLAI?
Summary
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:10.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030804 Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106002488209129\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt"
},
{
"name": "9446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9446"
},
{
"name": "6602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6602"
},
{
"name": "oval:org.mitre.oval:def:1970",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1970"
},
{
"name": "20060213 Latest wu-ftpd exploit :-s",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/424852/100/0/threaded"
},
{
"name": "8315",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8315"
},
{
"name": "9423",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9423"
},
{
"name": "20030731 wu-ftpd fb_realpath() off-by-one bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105967301604815\u0026w=2"
},
{
"name": "20030731 wu-ftpd fb_realpath() off-by-one bug",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html"
},
{
"name": "IMNX-2003-7+-019-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01"
},
{
"name": "RHSA-2003:246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-246.html"
},
{
"name": "20060214 Re: Latest wu-ftpd exploit :-s",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425061/100/0/threaded"
},
{
"name": "VU#743092",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/743092"
},
{
"name": "RHSA-2003:245",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-245.html"
},
{
"name": "SuSE-SA:2003:032",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html"
},
{
"name": "1001257",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1"
},
{
"name": "DSA-357",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-357"
},
{
"name": "20030804 wu-ftpd-2.6.2 off-by-one remote exploit.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106001702232325\u0026w=2"
},
{
"name": "1007380",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1007380"
},
{
"name": "MDKSA-2003:080",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:080"
},
{
"name": "libc-realpath-offbyone-bo(12785)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12785"
},
{
"name": "FreeBSD-SA-03:08",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106001410028809\u0026w=2"
},
{
"name": "TLSA-2003-46",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-46.txt"
},
{
"name": "NetBSD-SA2003-011.txt.asc",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc"
},
{
"name": "9535",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9535"
},
{
"name": "9447",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9447"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030804 Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106002488209129\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt"
},
{
"name": "9446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9446"
},
{
"name": "6602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6602"
},
{
"name": "oval:org.mitre.oval:def:1970",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1970"
},
{
"name": "20060213 Latest wu-ftpd exploit :-s",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/424852/100/0/threaded"
},
{
"name": "8315",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8315"
},
{
"name": "9423",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9423"
},
{
"name": "20030731 wu-ftpd fb_realpath() off-by-one bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105967301604815\u0026w=2"
},
{
"name": "20030731 wu-ftpd fb_realpath() off-by-one bug",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html"
},
{
"name": "IMNX-2003-7+-019-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01"
},
{
"name": "RHSA-2003:246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-246.html"
},
{
"name": "20060214 Re: Latest wu-ftpd exploit :-s",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425061/100/0/threaded"
},
{
"name": "VU#743092",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/743092"
},
{
"name": "RHSA-2003:245",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-245.html"
},
{
"name": "SuSE-SA:2003:032",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html"
},
{
"name": "1001257",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1"
},
{
"name": "DSA-357",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-357"
},
{
"name": "20030804 wu-ftpd-2.6.2 off-by-one remote exploit.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106001702232325\u0026w=2"
},
{
"name": "1007380",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1007380"
},
{
"name": "MDKSA-2003:080",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:080"
},
{
"name": "libc-realpath-offbyone-bo(12785)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12785"
},
{
"name": "FreeBSD-SA-03:08",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106001410028809\u0026w=2"
},
{
"name": "TLSA-2003-46",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/security/TLSA-2003-46.txt"
},
{
"name": "NetBSD-SA2003-011.txt.asc",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc"
},
{
"name": "9535",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9535"
},
{
"name": "9447",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9447"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030804 Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106002488209129\u0026w=2"
},
{
"name": "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt",
"refsource": "MISC",
"url": "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt"
},
{
"name": "9446",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9446"
},
{
"name": "6602",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6602"
},
{
"name": "oval:org.mitre.oval:def:1970",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1970"
},
{
"name": "20060213 Latest wu-ftpd exploit :-s",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424852/100/0/threaded"
},
{
"name": "8315",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8315"
},
{
"name": "9423",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9423"
},
{
"name": "20030731 wu-ftpd fb_realpath() off-by-one bug",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105967301604815\u0026w=2"
},
{
"name": "20030731 wu-ftpd fb_realpath() off-by-one bug",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html"
},
{
"name": "IMNX-2003-7+-019-01",
"refsource": "IMMUNIX",
"url": "http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01"
},
{
"name": "RHSA-2003:246",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-246.html"
},
{
"name": "20060214 Re: Latest wu-ftpd exploit :-s",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425061/100/0/threaded"
},
{
"name": "VU#743092",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/743092"
},
{
"name": "RHSA-2003:245",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-245.html"
},
{
"name": "SuSE-SA:2003:032",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html"
},
{
"name": "1001257",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1"
},
{
"name": "DSA-357",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-357"
},
{
"name": "20030804 wu-ftpd-2.6.2 off-by-one remote exploit.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106001702232325\u0026w=2"
},
{
"name": "1007380",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1007380"
},
{
"name": "MDKSA-2003:080",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:080"
},
{
"name": "libc-realpath-offbyone-bo(12785)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12785"
},
{
"name": "FreeBSD-SA-03:08",
"refsource": "FREEBSD",
"url": "http://marc.info/?l=bugtraq\u0026m=106001410028809\u0026w=2"
},
{
"name": "TLSA-2003-46",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/TLSA-2003-46.txt"
},
{
"name": "NetBSD-SA2003-011.txt.asc",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc"
},
{
"name": "9535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9535"
},
{
"name": "9447",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9447"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0466",
"datePublished": "2003-08-01T04:00:00",
"dateReserved": "2003-06-26T00:00:00",
"dateUpdated": "2024-08-08T01:58:10.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0550 (GCVE-0-2001-0550)
Vulnerability from nvd – Published: 2002-06-25 04:00 – Updated: 2024-08-08 04:21
VLAI?
Summary
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SuSE-SA:2001:043",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
},
{
"name": "20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2"
},
{
"name": "CA-2001-33",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2001-33.html"
},
{
"name": "wuftp-glob-heap-corruption(7611)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7611"
},
{
"name": "MDKSA-2001:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3"
},
{
"name": "CLA-2001:442",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442"
},
{
"name": "HPSBUX0107-162",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162"
},
{
"name": "20010430 some ftpd implementations mishandle CWD ~{",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/82/180823"
},
{
"name": "CSSA-2001-041.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt"
},
{
"name": "DSA-087",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2001/dsa-087"
},
{
"name": "IMNX-2001-70-036-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01"
},
{
"name": "RHSA-2001:157",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-157.html"
},
{
"name": "VU#886083",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/886083"
},
{
"name": "3581",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a \"~{\" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-16T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SuSE-SA:2001:043",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
},
{
"name": "20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2"
},
{
"name": "CA-2001-33",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2001-33.html"
},
{
"name": "wuftp-glob-heap-corruption(7611)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7611"
},
{
"name": "MDKSA-2001:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3"
},
{
"name": "CLA-2001:442",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442"
},
{
"name": "HPSBUX0107-162",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162"
},
{
"name": "20010430 some ftpd implementations mishandle CWD ~{",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV"
],
"url": "http://www.securityfocus.com/archive/82/180823"
},
{
"name": "CSSA-2001-041.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt"
},
{
"name": "DSA-087",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2001/dsa-087"
},
{
"name": "IMNX-2001-70-036-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01"
},
{
"name": "RHSA-2001:157",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-157.html"
},
{
"name": "VU#886083",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/886083"
},
{
"name": "3581",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3581"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a \"~{\" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SuSE-SA:2001:043",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
},
{
"name": "20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2"
},
{
"name": "CA-2001-33",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2001-33.html"
},
{
"name": "wuftp-glob-heap-corruption(7611)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7611"
},
{
"name": "MDKSA-2001:090",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3"
},
{
"name": "CLA-2001:442",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442"
},
{
"name": "HPSBUX0107-162",
"refsource": "HP",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162"
},
{
"name": "20010430 some ftpd implementations mishandle CWD ~{",
"refsource": "VULN-DEV",
"url": "http://www.securityfocus.com/archive/82/180823"
},
{
"name": "CSSA-2001-041.0",
"refsource": "CALDERA",
"url": "http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt"
},
{
"name": "DSA-087",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-087"
},
{
"name": "IMNX-2001-70-036-01",
"refsource": "IMMUNIX",
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01"
},
{
"name": "RHSA-2001:157",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-157.html"
},
{
"name": "VU#886083",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/886083"
},
{
"name": "3581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3581"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0550",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2001-07-18T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1326 (GCVE-0-1999-1326)
Vulnerability from nvd – Published: 2002-03-09 05:00 – Updated: 2024-08-01 17:11
VLAI?
Summary
wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:11:02.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "wuftpd-abor-gain-privileges(7169)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7169"
},
{
"name": "19970105 BoS: serious security bug in wu-ftpd v2.4 -- PATCH",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420408\u0026w=2"
},
{
"name": "19970104 serious security bug in wu-ftpd v2.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420401\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1997-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "wuftpd-abor-gain-privileges(7169)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7169"
},
{
"name": "19970105 BoS: serious security bug in wu-ftpd v2.4 -- PATCH",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420408\u0026w=2"
},
{
"name": "19970104 serious security bug in wu-ftpd v2.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420401\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wuftpd-abor-gain-privileges(7169)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7169"
},
{
"name": "19970105 BoS: serious security bug in wu-ftpd v2.4 -- PATCH",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420408\u0026w=2"
},
{
"name": "19970104 serious security bug in wu-ftpd v2.4",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=87602167420401\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1326",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-08-31T00:00:00",
"dateUpdated": "2024-08-01T17:11:02.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0935 (GCVE-0-2001-0935)
Vulnerability from nvd – Published: 2002-02-02 05:00 – Updated: 2024-08-08 04:37
VLAI?
Summary
Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:07.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SuSE-SA:2001:043",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-06T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SuSE-SA:2001:043",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SuSE-SA:2001:043",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0935",
"datePublished": "2002-02-02T05:00:00",
"dateReserved": "2002-01-31T00:00:00",
"dateUpdated": "2024-08-08T04:37:07.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2005-0256
Vulnerability from fkie_nvd - Published: 2005-05-02 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63/SCOSA-2005.63.txt | ||
| cve@mitre.org | http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342 | ||
| cve@mitre.org | http://secunia.com/advisories/14411 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/18210 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/19561 | Vendor Advisory | |
| cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-26-101699-1 | ||
| cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-26-57795-1 | ||
| cve@mitre.org | http://www.debian.org/security/2005/dsa-705 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.idefense.com/application/poi/display?id=207&type=vulnerabilities | Exploit | |
| cve@mitre.org | http://www.osvdb.org/14203 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2005/0588 | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2006/1271 | Vendor Advisory | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1265 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1333 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1762 | ||
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63/SCOSA-2005.63.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14411 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18210 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19561 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-101699-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-57795-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-705 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.idefense.com/application/poi/display?id=207&type=vulnerabilities | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/14203 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/0588 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/1271 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1265 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1333 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1762 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| washington_university | wu-ftpd | 2.6.1 | |
| washington_university | wu-ftpd | 2.6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7196CF2D-8CCC-454A-A2C1-6408A9D636C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D851CEBD-4FE5-46D9-99BD-CA3F3235B2E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command."
}
],
"id": "CVE-2005-0256",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63/SCOSA-2005.63.txt"
},
{
"source": "cve@mitre.org",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14411"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18210"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19561"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101699-1"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57795-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.idefense.com/application/poi/display?id=207\u0026type=vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/14203"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/0588"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1271"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1265"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1333"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1762"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63/SCOSA-2005.63.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101699-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57795-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.idefense.com/application/poi/display?id=207\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/14203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/0588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1762"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with wu-ftpd, however we were unable to reproduce this issue. Additionally, a code analysis showed that attempts to exploit this issue would be caught in the versions we shipped.\nhttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=149720",
"lastModified": "2006-10-23T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0148
Vulnerability from fkie_nvd - Published: 2004-04-15 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://marc.info/?l=bugtraq&m=108999466902690&w=2 | ||
| cve@mitre.org | http://secunia.com/advisories/11055 | ||
| cve@mitre.org | http://secunia.com/advisories/20168 | ||
| cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1 | ||
| cve@mitre.org | http://www.debian.org/security/2004/dsa-457 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.frsirt.com/english/advisories/2006/1867 | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2004-096.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/9832 | Patch, Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/15423 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=108999466902690&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/11055 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20168 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2004/dsa-457 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.frsirt.com/english/advisories/2006/1867 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2004-096.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/9832 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/15423 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sgi | propack | 2.3 | |
| sgi | propack | 2.4 | |
| washington_university | wu-ftpd | 2.4.1 | |
| washington_university | wu-ftpd | 2.4.2_beta2 | |
| washington_university | wu-ftpd | 2.4.2_beta18 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr4 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr5 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr6 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr7 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr8 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr9 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr10 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr11 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr12 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr13 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr14 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr15 | |
| washington_university | wu-ftpd | 2.4.2_vr16 | |
| washington_university | wu-ftpd | 2.4.2_vr17 | |
| washington_university | wu-ftpd | 2.5.0 | |
| washington_university | wu-ftpd | 2.6.0 | |
| washington_university | wu-ftpd | 2.6.1 | |
| washington_university | wu-ftpd | 2.6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "26430687-409B-448F-934B-06AB937DDF63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28E5257A-F5ED-482C-9A0B-3B576513E7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2:*:academ:*:*:*:*:*",
"matchCriteriaId": "833542E5-B4E7-4995-95C9-E012AE13902D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*",
"matchCriteriaId": "C63ACBE3-5BB2-483E-A5FE-87698E98354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*",
"matchCriteriaId": "B39D46C4-B153-4301-AE9C-57FB6BA64CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*",
"matchCriteriaId": "E55582DD-DEF7-4BF8-950C-E7E58BD29DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*",
"matchCriteriaId": "FF9B9132-19A1-4242-A129-E5A49F466EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9E32F3-06CF-482D-8313-3D098CDE8B6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A096214-84AD-44F5-BBEF-F9F17B9B0C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*",
"matchCriteriaId": "4989799F-143A-45E5-A30C-9E3203649770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3D0CC6-D1A0-4784-BE93-319C7EE59134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA32489-F098-43D2-80B7-89CFE0BE9A3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*",
"matchCriteriaId": "91C6388E-464B-4562-BC7B-7B4A66387B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*",
"matchCriteriaId": "923B5711-853D-4A77-8FB3-D5C3D449518D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB1B136-F90E-426B-8010-F2D059E89DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9EFCD7-2A13-420E-B6A0-C1248B2E6E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*",
"matchCriteriaId": "573486C8-0349-4BC9-AD7D-3FBF93DDB6AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD81A30-9C35-4EEA-B6FE-A4AC76893AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "473E71DD-F779-4F93-838A-AD6768BB8DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E9B738-E8DF-4FE7-B4A5-91DE46A9CF8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7196CF2D-8CCC-454A-A2C1-6408A9D636C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D851CEBD-4FE5-46D9-99BD-CA3F3235B2E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead."
},
{
"lang": "es",
"value": "wu-ftpd 2.6.2 y anteriores, con la opci\u00f3n restricted-gid activada, permite a usuarios locales saltarse restricciones de acceso cambiando los permisos para impedir el acceso a su directorio home, lo que hace que wu-ftpd use el directorio ra\u00edz en su lugar."
}
],
"id": "CVE-2004-0148",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-04-15T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108999466902690\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11055"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/20168"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"source": "cve@mitre.org",
"url": "http://www.frsirt.com/english/advisories/2006/1867"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9832"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15423"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108999466902690\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.frsirt.com/english/advisories/2006/1867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0185
Vulnerability from fkie_nvd - Published: 2004-03-15 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch | Patch | |
| cve@mitre.org | http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt | URL Repurposed | |
| cve@mitre.org | http://www.debian.org/security/2004/dsa-457 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2004-096.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securiteam.com/unixfocus/6X00Q1P8KC.html | Exploit, Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/8893 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/13518 | ||
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt | URL Repurposed | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2004/dsa-457 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2004-096.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securiteam.com/unixfocus/6X00Q1P8KC.html | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/8893 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/13518 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| washington_university | wu-ftpd | 2.6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D851CEBD-4FE5-46D9-99BD-CA3F3235B2E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la funci\u00f3n skey_challenge en ftpd.c de wu-ftp daemon (wu-ftpd) 2.6.2 permite a atacantes remotos causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario mediante una petici\u00f3n s/key (SKEY) con un nombre muy grande."
}
],
"id": "CVE-2004-0185",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-03-15T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
],
"url": "http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securiteam.com/unixfocus/6X00Q1P8KC.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/8893"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13518"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securiteam.com/unixfocus/6X00Q1P8KC.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/8893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13518"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2003-1329
Vulnerability from fkie_nvd - Published: 2003-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of service.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch | Patch | |
| cve@mitre.org | http://www.osvdb.org/34670 | ||
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/34670 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| washington_university | wu-ftpd | 2.6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D851CEBD-4FE5-46D9-99BD-CA3F3235B2E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ftpd.c in wu-ftpd 2.6.2, when running on \"operating systems that only allow one non-connected socket bound to the same local address,\" does not close failed connections, which allows remote attackers to cause a denial of service."
}
],
"id": "CVE-2003-1329",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/34670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/34670"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2003-1327
Vulnerability from fkie_nvd - Published: 2003-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html | ||
| cve@mitre.org | http://secunia.com/advisories/9835 | Vendor Advisory | |
| cve@mitre.org | http://securitytracker.com/id?1007775 | ||
| cve@mitre.org | http://www.osvdb.org/2594 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/8668 | ||
| cve@mitre.org | http://www.slackware.org/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.365971 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/13269 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/9835 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1007775 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/2594 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/8668 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.slackware.org/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.365971 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/13269 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| washington_university | wu-ftpd | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "655CB6E8-276B-4738-9775-7976AB7EB2BA",
"versionEndIncluding": "2.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator."
}
],
"evaluatorImpact": "Successful exploitation requires that the option \"MAIL_ADMIN\" has been enabled (not default), that anonymous users have write permissions on a folder, and that the program has been compiled on a system where very long paths are permitted.",
"id": "CVE-2003-1327",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/9835"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1007775"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/2594"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/8668"
},
{
"source": "cve@mitre.org",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2003\u0026m=slackware-security.365971"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/9835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1007775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/2594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/8668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2003\u0026m=slackware-security.365971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13269"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2003-0853
Vulnerability from fkie_nvd - Published: 2003-11-17 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768 | ||
| cve@mitre.org | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771 | ||
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html | ||
| cve@mitre.org | http://secunia.com/advisories/10126 | ||
| cve@mitre.org | http://secunia.com/advisories/17069 | ||
| cve@mitre.org | http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf | ||
| cve@mitre.org | http://www.guninski.com/binls.html | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2003:106 | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2003-309.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2003-310.html | ||
| cve@mitre.org | http://www.securityfocus.com/advisories/6014 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/8875 | Exploit, Patch, Vendor Advisory | |
| cve@mitre.org | http://www.turbolinux.com/security/TLSA-2003-60.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/10126 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17069 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.guninski.com/binls.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2003:106 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2003-309.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2003-310.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/advisories/6014 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/8875 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.turbolinux.com/security/TLSA-2003-60.txt |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | fileutils | 4.0 | |
| gnu | fileutils | 4.0.36 | |
| gnu | fileutils | 4.1 | |
| gnu | fileutils | 4.1.6 | |
| gnu | fileutils | 4.1.7 | |
| washington_university | wu-ftpd | 2.4.1 | |
| washington_university | wu-ftpd | 2.4.2_beta2 | |
| washington_university | wu-ftpd | 2.4.2_beta18 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr4 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr5 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr6 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr7 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr8 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr9 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr10 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr11 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr12 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr13 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr14 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr15 | |
| washington_university | wu-ftpd | 2.4.2_vr16 | |
| washington_university | wu-ftpd | 2.4.2_vr17 | |
| washington_university | wu-ftpd | 2.5.0 | |
| washington_university | wu-ftpd | 2.6.0 | |
| washington_university | wu-ftpd | 2.6.1 | |
| washington_university | wu-ftpd | 2.6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5763D60E-A358-4D0A-BD7B-B01CC4CAD7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "5B1309D6-E5D0-41FB-B7E0-2667EE34C796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F6A8F0-396B-4484-9621-70FFC61BF4A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7E2FE284-B564-48C7-9DA4-31A6D9AD3E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F0049681-875E-4876-B2E4-519708F2BBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28E5257A-F5ED-482C-9A0B-3B576513E7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2:*:academ:*:*:*:*:*",
"matchCriteriaId": "833542E5-B4E7-4995-95C9-E012AE13902D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*",
"matchCriteriaId": "C63ACBE3-5BB2-483E-A5FE-87698E98354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*",
"matchCriteriaId": "B39D46C4-B153-4301-AE9C-57FB6BA64CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*",
"matchCriteriaId": "E55582DD-DEF7-4BF8-950C-E7E58BD29DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*",
"matchCriteriaId": "FF9B9132-19A1-4242-A129-E5A49F466EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9E32F3-06CF-482D-8313-3D098CDE8B6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A096214-84AD-44F5-BBEF-F9F17B9B0C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*",
"matchCriteriaId": "4989799F-143A-45E5-A30C-9E3203649770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3D0CC6-D1A0-4784-BE93-319C7EE59134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA32489-F098-43D2-80B7-89CFE0BE9A3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*",
"matchCriteriaId": "91C6388E-464B-4562-BC7B-7B4A66387B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*",
"matchCriteriaId": "923B5711-853D-4A77-8FB3-D5C3D449518D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB1B136-F90E-426B-8010-F2D059E89DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9EFCD7-2A13-420E-B6A0-C1248B2E6E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*",
"matchCriteriaId": "573486C8-0349-4BC9-AD7D-3FBF93DDB6AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD81A30-9C35-4EEA-B6FE-A4AC76893AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "473E71DD-F779-4F93-838A-AD6768BB8DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E9B738-E8DF-4FE7-B4A5-91DE46A9CF8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7196CF2D-8CCC-454A-A2C1-6408A9D636C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D851CEBD-4FE5-46D9-99BD-CA3F3235B2E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd."
},
{
"lang": "es",
"value": "Un desbordamiento de enteros en ls en los paquetes fileutils o coreutils puede permitir a usuarios locales causar una denegaci\u00f3n de servicio o ejecutar c\u00f3digo arbitrario mediante un valor -w, lo que podr\u00eda ser explotado remotamente mediante aplicaciones que usan ls, como wu-ftpd."
}
],
"id": "CVE-2003-0853",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-11-17T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/10126"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17069"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.guninski.com/binls.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8875"
},
{
"source": "cve@mitre.org",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/10126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.guninski.com/binls.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2003-0854
Vulnerability from fkie_nvd - Published: 2003-11-17 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768 | ||
| cve@mitre.org | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771 | ||
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html | ||
| cve@mitre.org | http://secunia.com/advisories/10126 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/17069 | Vendor Advisory | |
| cve@mitre.org | http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf | ||
| cve@mitre.org | http://www.debian.org/security/2005/dsa-705 | ||
| cve@mitre.org | http://www.guninski.com/binls.html | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2003:106 | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2003-309.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2003-310.html | ||
| cve@mitre.org | http://www.securityfocus.com/advisories/6014 | ||
| cve@mitre.org | http://www.turbolinux.com/security/TLSA-2003-60.txt | ||
| cve@mitre.org | https://www.exploit-db.com/exploits/115 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/10126 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17069 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-705 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.guninski.com/binls.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2003:106 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2003-309.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2003-310.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/advisories/6014 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.turbolinux.com/security/TLSA-2003-60.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/115 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | fileutils | 4.0 | |
| gnu | fileutils | 4.0.36 | |
| gnu | fileutils | 4.1 | |
| gnu | fileutils | 4.1.6 | |
| gnu | fileutils | 4.1.7 | |
| washington_university | wu-ftpd | 2.4.1 | |
| washington_university | wu-ftpd | 2.4.2_beta2 | |
| washington_university | wu-ftpd | 2.4.2_beta18 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr4 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr5 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr6 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr7 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr8 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr9 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr10 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr11 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr12 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr13 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr14 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr15 | |
| washington_university | wu-ftpd | 2.4.2_vr16 | |
| washington_university | wu-ftpd | 2.4.2_vr17 | |
| washington_university | wu-ftpd | 2.5.0 | |
| washington_university | wu-ftpd | 2.6.0 | |
| washington_university | wu-ftpd | 2.6.1 | |
| washington_university | wu-ftpd | 2.6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5763D60E-A358-4D0A-BD7B-B01CC4CAD7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "5B1309D6-E5D0-41FB-B7E0-2667EE34C796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F6A8F0-396B-4484-9621-70FFC61BF4A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7E2FE284-B564-48C7-9DA4-31A6D9AD3E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:fileutils:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F0049681-875E-4876-B2E4-519708F2BBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28E5257A-F5ED-482C-9A0B-3B576513E7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2:*:academ:*:*:*:*:*",
"matchCriteriaId": "833542E5-B4E7-4995-95C9-E012AE13902D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*",
"matchCriteriaId": "C63ACBE3-5BB2-483E-A5FE-87698E98354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*",
"matchCriteriaId": "B39D46C4-B153-4301-AE9C-57FB6BA64CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*",
"matchCriteriaId": "E55582DD-DEF7-4BF8-950C-E7E58BD29DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*",
"matchCriteriaId": "FF9B9132-19A1-4242-A129-E5A49F466EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9E32F3-06CF-482D-8313-3D098CDE8B6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A096214-84AD-44F5-BBEF-F9F17B9B0C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*",
"matchCriteriaId": "4989799F-143A-45E5-A30C-9E3203649770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3D0CC6-D1A0-4784-BE93-319C7EE59134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA32489-F098-43D2-80B7-89CFE0BE9A3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*",
"matchCriteriaId": "91C6388E-464B-4562-BC7B-7B4A66387B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*",
"matchCriteriaId": "923B5711-853D-4A77-8FB3-D5C3D449518D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB1B136-F90E-426B-8010-F2D059E89DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9EFCD7-2A13-420E-B6A0-C1248B2E6E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*",
"matchCriteriaId": "573486C8-0349-4BC9-AD7D-3FBF93DDB6AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD81A30-9C35-4EEA-B6FE-A4AC76893AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "473E71DD-F779-4F93-838A-AD6768BB8DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E9B738-E8DF-4FE7-B4A5-91DE46A9CF8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7196CF2D-8CCC-454A-A2C1-6408A9D636C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D851CEBD-4FE5-46D9-99BD-CA3F3235B2E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd."
},
{
"lang": "es",
"value": "ls en los paquetes fileutils o coreutils permite a usuarios locales consumir una gran cantidad de memoria mediante un valor -w, lo que puede ser explotado remotamente mediante aplicaciones que usan ls, com wu-ftpd."
}
],
"id": "CVE-2003-0854",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-11-17T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/10126"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17069"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"source": "cve@mitre.org",
"url": "http://www.guninski.com/binls.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"source": "cve@mitre.org",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/10126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.guninski.com/binls.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/115"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2001-0550
Vulnerability from fkie_nvd - Published: 2001-11-30 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000442 | ||
| cve@mitre.org | http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01 | ||
| cve@mitre.org | http://marc.info/?l=bugtraq&m=100700363414799&w=2 | ||
| cve@mitre.org | http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.cert.org/advisories/CA-2001-33.html | Patch, Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.debian.org/security/2001/dsa-087 | ||
| cve@mitre.org | http://www.kb.cert.org/vuls/id/886083 | Patch, Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3 | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2001-157.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/82/180823 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/3581 | Exploit, Patch, Vendor Advisory | |
| cve@mitre.org | http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/7611 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000442 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=100700363414799&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cert.org/advisories/CA-2001-33.html | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2001/dsa-087 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/886083 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2001-157.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/82/180823 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/3581 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/7611 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| david_madore | ftpd-bsd | 0.3.2 | |
| david_madore | ftpd-bsd | 0.3.3 | |
| washington_university | wu-ftpd | 2.5.0 | |
| washington_university | wu-ftpd | 2.6.0 | |
| washington_university | wu-ftpd | 2.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:david_madore:ftpd-bsd:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2D2E1B-DDF8-4AD5-B208-CDDA0658D267",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_madore:ftpd-bsd:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F526A3B-219C-454A-9235-DDC22AB832D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "473E71DD-F779-4F93-838A-AD6768BB8DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E9B738-E8DF-4FE7-B4A5-91DE46A9CF8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7196CF2D-8CCC-454A-A2C1-6408A9D636C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a \"~{\" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob)."
}
],
"id": "CVE-2001-0550",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-11-30T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442"
},
{
"source": "cve@mitre.org",
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2001-33.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2001/dsa-087"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/886083"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-157.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/82/180823"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3581"
},
{
"source": "cve@mitre.org",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2001-33.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2001/dsa-087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/886083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-157.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/82/180823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7611"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}