cvelistv5 - cve-2001-0550

CVE-2001-0550 (GCVE-0-2001-0550)

Vulnerability from cvelistv5 – Published: 2002-06-25 04:00 – Updated: 2024-08-08 04:21

Summary

wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	http://marc.info/?l=bugtraq&m=100700363414799&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.cert.org/advisories/CA-2001-33.html	third-party-advisoryx_refsource_CERT
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.linux-mandrake.com/en/security/2001/MD…	vendor-advisoryx_refsource_MANDRAKE
	http://distro.conectiva.com.br/atualizacoes/?id=a…	vendor-advisoryx_refsource_CONECTIVA
	http://www1.itrc.hp.com/service/cki/docDisplay.do…	vendor-advisoryx_refsource_HP
	http://www.securityfocus.com/archive/82/180823	mailing-listx_refsource_VULN-DEV
	http://www.caldera.com/support/security/advisorie…	vendor-advisoryx_refsource_CALDERA
	http://www.debian.org/security/2001/dsa-087	vendor-advisoryx_refsource_DEBIAN
	http://download.immunix.org/ImmunixOS/7.0/updates…	vendor-advisoryx_refsource_IMMUNIX
	http://www.redhat.com/support/errata/RHSA-2001-157.html	vendor-advisoryx_refsource_REDHAT
	http://www.kb.cert.org/vuls/id/886083	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/bid/3581	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:21:38.519Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SuSE-SA:2001:043",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
          },
          {
            "name": "20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2"
          },
          {
            "name": "CA-2001-33",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.cert.org/advisories/CA-2001-33.html"
          },
          {
            "name": "wuftp-glob-heap-corruption(7611)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7611"
          },
          {
            "name": "MDKSA-2001:090",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3"
          },
          {
            "name": "CLA-2001:442",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442"
          },
          {
            "name": "HPSBUX0107-162",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162"
          },
          {
            "name": "20010430 some ftpd implementations mishandle CWD ~{",
            "tags": [
              "mailing-list",
              "x_refsource_VULN-DEV",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/82/180823"
          },
          {
            "name": "CSSA-2001-041.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt"
          },
          {
            "name": "DSA-087",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2001/dsa-087"
          },
          {
            "name": "IMNX-2001-70-036-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_IMMUNIX",
              "x_transferred"
            ],
            "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01"
          },
          {
            "name": "RHSA-2001:157",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2001-157.html"
          },
          {
            "name": "VU#886083",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/886083"
          },
          {
            "name": "3581",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3581"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-04-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a \"~{\" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-06-16T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SuSE-SA:2001:043",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
        },
        {
          "name": "20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2"
        },
        {
          "name": "CA-2001-33",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.cert.org/advisories/CA-2001-33.html"
        },
        {
          "name": "wuftp-glob-heap-corruption(7611)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7611"
        },
        {
          "name": "MDKSA-2001:090",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3"
        },
        {
          "name": "CLA-2001:442",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442"
        },
        {
          "name": "HPSBUX0107-162",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162"
        },
        {
          "name": "20010430 some ftpd implementations mishandle CWD ~{",
          "tags": [
            "mailing-list",
            "x_refsource_VULN-DEV"
          ],
          "url": "http://www.securityfocus.com/archive/82/180823"
        },
        {
          "name": "CSSA-2001-041.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt"
        },
        {
          "name": "DSA-087",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2001/dsa-087"
        },
        {
          "name": "IMNX-2001-70-036-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_IMMUNIX"
          ],
          "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01"
        },
        {
          "name": "RHSA-2001:157",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2001-157.html"
        },
        {
          "name": "VU#886083",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/886083"
        },
        {
          "name": "3581",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3581"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-0550",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a \"~{\" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SuSE-SA:2001:043",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
            },
            {
              "name": "20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2"
            },
            {
              "name": "CA-2001-33",
              "refsource": "CERT",
              "url": "http://www.cert.org/advisories/CA-2001-33.html"
            },
            {
              "name": "wuftp-glob-heap-corruption(7611)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7611"
            },
            {
              "name": "MDKSA-2001:090",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3"
            },
            {
              "name": "CLA-2001:442",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442"
            },
            {
              "name": "HPSBUX0107-162",
              "refsource": "HP",
              "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162"
            },
            {
              "name": "20010430 some ftpd implementations mishandle CWD ~{",
              "refsource": "VULN-DEV",
              "url": "http://www.securityfocus.com/archive/82/180823"
            },
            {
              "name": "CSSA-2001-041.0",
              "refsource": "CALDERA",
              "url": "http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt"
            },
            {
              "name": "DSA-087",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2001/dsa-087"
            },
            {
              "name": "IMNX-2001-70-036-01",
              "refsource": "IMMUNIX",
              "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01"
            },
            {
              "name": "RHSA-2001:157",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2001-157.html"
            },
            {
              "name": "VU#886083",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/886083"
            },
            {
              "name": "3581",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3581"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-0550",
    "datePublished": "2002-06-25T04:00:00",
    "dateReserved": "2001-07-18T00:00:00",
    "dateUpdated": "2024-08-08T04:21:38.519Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_madore:ftpd-bsd:0.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB2D2E1B-DDF8-4AD5-B208-CDDA0658D267\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:david_madore:ftpd-bsd:0.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F526A3B-219C-454A-9235-DDC22AB832D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"473E71DD-F779-4F93-838A-AD6768BB8DFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5E9B738-E8DF-4FE7-B4A5-91DE46A9CF8F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7196CF2D-8CCC-454A-A2C1-6408A9D636C5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a \\\"~{\\\" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).\"}]",
      "id": "CVE-2001-0550",
      "lastModified": "2024-11-20T23:35:37.577",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2001-11-30T05:00:00.000",
      "references": "[{\"url\": \"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.cert.org/advisories/CA-2001-33.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.debian.org/security/2001/dsa-087\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/886083\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2001-157.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/82/180823\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/3581\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/7611\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.cert.org/advisories/CA-2001-33.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.debian.org/security/2001/dsa-087\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/886083\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2001-157.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/82/180823\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/3581\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/7611\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2001-0550\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2001-11-30T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a \\\"~{\\\" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_madore:ftpd-bsd:0.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB2D2E1B-DDF8-4AD5-B208-CDDA0658D267\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:david_madore:ftpd-bsd:0.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F526A3B-219C-454A-9235-DDC22AB832D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"473E71DD-F779-4F93-838A-AD6768BB8DFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5E9B738-E8DF-4FE7-B4A5-91DE46A9CF8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7196CF2D-8CCC-454A-A2C1-6408A9D636C5\"}]}]}],\"references\":[{\"url\":\"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.cert.org/advisories/CA-2001-33.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.debian.org/security/2001/dsa-087\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/886083\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2001-157.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/82/180823\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/3581\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/7611\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.cert.org/advisories/CA-2001-33.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.debian.org/security/2001/dsa-087\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/886083\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2001-157.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/82/180823\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/3581\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/7611\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

RHSA-2001:157

Vulnerability from csaf_redhat - Published: 2001-11-27 23:35 - Updated: 2025-11-21 17:24

Summary

Red Hat Security Advisory: : Updated wu-ftpd packages are available

Notes

Topic

Updated wu-ftpd packages are available to fix an overflowable buffer.

Details

An overflowable buffer exists in earlier versions of wu-ftpd. An attacker could gain access to the machine by sending malicious commands. It is recommended that all users of wu-ftpd upgrade to the lastest version.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated wu-ftpd packages are available to fix an overflowable buffer.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "An overflowable buffer exists in earlier versions of wu-ftpd.\nAn attacker could gain access to the machine by sending malicious \ncommands.\n\nIt is recommended that all users of wu-ftpd upgrade to the lastest\nversion.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2001:157",
        "url": "https://access.redhat.com/errata/RHSA-2001:157"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2001/rhsa-2001_157.json"
      }
    ],
    "title": "Red Hat Security Advisory: : Updated wu-ftpd packages are available",
    "tracking": {
      "current_release_date": "2025-11-21T17:24:43+00:00",
      "generator": {
        "date": "2025-11-21T17:24:43+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2001:157",
      "initial_release_date": "2001-11-27T23:35:00+00:00",
      "revision_history": [
        {
          "date": "2001-11-27T23:35:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2001-11-20T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:24:43+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 6.2",
                "product": {
                  "name": "Red Hat Linux 6.2",
                  "product_id": "Red Hat Linux 6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:6.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.0",
                "product": {
                  "name": "Red Hat Linux 7.0",
                  "product_id": "Red Hat Linux 7.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2001-0550",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616595"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a \"~{\" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 6.2",
          "Red Hat Linux 7.0",
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2001-0550"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616595",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616595"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2001-0550",
          "url": "https://www.cve.org/CVERecord?id=CVE-2001-0550"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2001-0550",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2001-0550"
        }
      ],
      "release_date": "2001-04-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2001-11-27T23:35:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 6.2",
            "Red Hat Linux 7.0",
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2001:157"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2001_157

Vulnerability from csaf_redhat - Published: 2001-11-27 23:35 - Updated: 2024-11-21 22:13

Summary

Red Hat Security Advisory: : Updated wu-ftpd packages are available

Notes

Topic

Updated wu-ftpd packages are available to fix an overflowable buffer.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated wu-ftpd packages are available to fix an overflowable buffer.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "An overflowable buffer exists in earlier versions of wu-ftpd.\nAn attacker could gain access to the machine by sending malicious \ncommands.\n\nIt is recommended that all users of wu-ftpd upgrade to the lastest\nversion.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2001:157",
        "url": "https://access.redhat.com/errata/RHSA-2001:157"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2001/rhsa-2001_157.json"
      }
    ],
    "title": "Red Hat Security Advisory: : Updated wu-ftpd packages are available",
    "tracking": {
      "current_release_date": "2024-11-21T22:13:15+00:00",
      "generator": {
        "date": "2024-11-21T22:13:15+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2001:157",
      "initial_release_date": "2001-11-27T23:35:00+00:00",
      "revision_history": [
        {
          "date": "2001-11-27T23:35:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2001-11-20T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:13:15+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 6.2",
                "product": {
                  "name": "Red Hat Linux 6.2",
                  "product_id": "Red Hat Linux 6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:6.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.0",
                "product": {
                  "name": "Red Hat Linux 7.0",
                  "product_id": "Red Hat Linux 7.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2001-0550",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616595"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a \"~{\" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 6.2",
          "Red Hat Linux 7.0",
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2001-0550"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616595",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616595"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2001-0550",
          "url": "https://www.cve.org/CVERecord?id=CVE-2001-0550"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2001-0550",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2001-0550"
        }
      ],
      "release_date": "2001-04-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2001-11-27T23:35:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 6.2",
            "Red Hat Linux 7.0",
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2001:157"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

FKIE_CVE-2001-0550

Vulnerability from fkie_nvd - Published: 2001-11-30 05:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).

References

URL	Tags
cve@mitre.org	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000442
cve@mitre.org	http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01
cve@mitre.org	http://marc.info/?l=bugtraq&m=100700363414799&w=2
cve@mitre.org	http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt	Patch, Vendor Advisory
cve@mitre.org	http://www.cert.org/advisories/CA-2001-33.html	Patch, Third Party Advisory, US Government Resource
cve@mitre.org	http://www.debian.org/security/2001/dsa-087
cve@mitre.org	http://www.kb.cert.org/vuls/id/886083	Patch, Third Party Advisory, US Government Resource
cve@mitre.org	http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3
cve@mitre.org	http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2001-157.html	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/82/180823
cve@mitre.org	http://www.securityfocus.com/bid/3581	Exploit, Patch, Vendor Advisory
cve@mitre.org	http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/7611
af854a3a-2127-422b-91ae-364da2661108	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000442
af854a3a-2127-422b-91ae-364da2661108	http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=100700363414799&w=2
af854a3a-2127-422b-91ae-364da2661108	http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.cert.org/advisories/CA-2001-33.html	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2001/dsa-087
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/886083	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2001-157.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/82/180823
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/3581	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/7611

Impacted products

Vendor	Product	Version
david_madore	ftpd-bsd	0.3.2
david_madore	ftpd-bsd	0.3.3
washington_university	wu-ftpd	2.5.0
washington_university	wu-ftpd	2.6.0
washington_university	wu-ftpd	2.6.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:david_madore:ftpd-bsd:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB2D2E1B-DDF8-4AD5-B208-CDDA0658D267",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:david_madore:ftpd-bsd:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F526A3B-219C-454A-9235-DDC22AB832D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "473E71DD-F779-4F93-838A-AD6768BB8DFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E9B738-E8DF-4FE7-B4A5-91DE46A9CF8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7196CF2D-8CCC-454A-A2C1-6408A9D636C5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a \"~{\" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob)."
    }
  ],
  "id": "CVE-2001-0550",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-11-30T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2001-33.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2001/dsa-087"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/886083"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2001-157.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/82/180823"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3581"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7611"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2001-33.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2001/dsa-087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/886083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2001-157.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/82/180823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7611"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2001-0550

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).

Aliases

CVE-2001-0550

Aliases

CVE-2001-0550

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2001-0550",
    "description": "wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a \"~{\" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).",
    "id": "GSD-2001-0550",
    "references": [
      "https://www.debian.org/security/2001/dsa-087",
      "https://access.redhat.com/errata/RHSA-2001:157"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2001-0550"
      ],
      "details": "wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a \"~{\" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).",
      "id": "GSD-2001-0550",
      "modified": "2023-12-13T01:19:02.022463Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2001-0550",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a \"~{\" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "SuSE-SA:2001:043",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
          },
          {
            "name": "20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2"
          },
          {
            "name": "CA-2001-33",
            "refsource": "CERT",
            "url": "http://www.cert.org/advisories/CA-2001-33.html"
          },
          {
            "name": "wuftp-glob-heap-corruption(7611)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7611"
          },
          {
            "name": "MDKSA-2001:090",
            "refsource": "MANDRAKE",
            "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3"
          },
          {
            "name": "CLA-2001:442",
            "refsource": "CONECTIVA",
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442"
          },
          {
            "name": "HPSBUX0107-162",
            "refsource": "HP",
            "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162"
          },
          {
            "name": "20010430 some ftpd implementations mishandle CWD ~{",
            "refsource": "VULN-DEV",
            "url": "http://www.securityfocus.com/archive/82/180823"
          },
          {
            "name": "CSSA-2001-041.0",
            "refsource": "CALDERA",
            "url": "http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt"
          },
          {
            "name": "DSA-087",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2001/dsa-087"
          },
          {
            "name": "IMNX-2001-70-036-01",
            "refsource": "IMMUNIX",
            "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01"
          },
          {
            "name": "RHSA-2001:157",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2001-157.html"
          },
          {
            "name": "VU#886083",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/886083"
          },
          {
            "name": "3581",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/3581"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:david_madore:ftpd-bsd:0.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:david_madore:ftpd-bsd:0.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-0550"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a \"~{\" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "3581",
              "refsource": "BID",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/3581"
            },
            {
              "name": "VU#886083",
              "refsource": "CERT-VN",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/886083"
            },
            {
              "name": "RHSA-2001:157",
              "refsource": "REDHAT",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2001-157.html"
            },
            {
              "name": "CSSA-2001-041.0",
              "refsource": "CALDERA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt"
            },
            {
              "name": "CA-2001-33",
              "refsource": "CERT",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.cert.org/advisories/CA-2001-33.html"
            },
            {
              "name": "20010430 some ftpd implementations mishandle CWD ~{",
              "refsource": "VULN-DEV",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/82/180823"
            },
            {
              "name": "CLA-2001:442",
              "refsource": "CONECTIVA",
              "tags": [],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442"
            },
            {
              "name": "DSA-087",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2001/dsa-087"
            },
            {
              "name": "HPSBUX0107-162",
              "refsource": "HP",
              "tags": [],
              "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162"
            },
            {
              "name": "IMNX-2001-70-036-01",
              "refsource": "IMMUNIX",
              "tags": [],
              "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01"
            },
            {
              "name": "MDKSA-2001:090",
              "refsource": "MANDRAKE",
              "tags": [],
              "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3"
            },
            {
              "name": "SuSE-SA:2001:043",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
            },
            {
              "name": "20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2"
            },
            {
              "name": "wuftp-glob-heap-corruption(7611)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7611"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-05-03T01:29Z",
      "publishedDate": "2001-11-30T05:00Z"
    }
  }
}

GHSA-FQ5J-PGH2-4GRH

Vulnerability from github – Published: 2022-04-30 18:16 – Updated: 2022-04-30 18:16

Details

wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2001-0550"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2001-11-30T05:00:00Z",
    "severity": "HIGH"
  },
  "details": "wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a \"~{\" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).",
  "id": "GHSA-fq5j-pgh2-4grh",
  "modified": "2022-04-30T18:16:16Z",
  "published": "2022-04-30T18:16:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2001-0550"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7611"
    },
    {
      "type": "WEB",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000442"
    },
    {
      "type": "WEB",
      "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=100700363414799\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.cert.org/advisories/CA-2001-33.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2001/dsa-087"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/886083"
    },
    {
      "type": "WEB",
      "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2001-157.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/82/180823"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/3581"
    },
    {
      "type": "WEB",
      "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2001-0550 (GCVE-0-2001-0550)

RHSA-2001:157

RHSA-2001_157

FKIE_CVE-2001-0550

GSD-2001-0550

GHSA-FQ5J-PGH2-4GRH

Tags

Sightings

Nomenclature