| ID |
CVE-2000-0573
|
| Summary |
The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 10.0 (as of 03-05-2018 - 01:29) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| redhat
via4
|
|
| refmap
via4
|
| auscert | AA-2000.02 | | bid | 1387 | | bugtraq | - 20000622 WuFTPD: Providing *remote* root since at least1994
- 20000623 WUFTPD 2.6.0 remote root exploit
- 20000623 ftpd: the advisory version
- 20000702 [Security Announce] wu-ftpd update
- 20000707 New Released Version of the WuFTPD Sploit
- 20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)
- 20000929 [slackware-security] wuftpd vulnerability - Slackware 4.0, 7.0, 7.1, -current
| | caldera | CSSA-2000-020.0 | | cert | CA-2000-13 | | debian | 20000623 | | freebsd | FreeBSD-SA-00:29 | | netbsd | NetBSD-SA2000-009 | | xf | - wuftp-format-string-stack-overwrite
- wuftp-format-string-stack-overwrite(4773)
|
|
| Last major update |
03-05-2018 - 01:29 |
| Published |
07-07-2000 - 04:00 |
| Last modified |
03-05-2018 - 01:29 |
