ID |
CVE-2000-0573
|
Summary |
The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 10.0 (as of 03-05-2018 - 01:29) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
redhat
via4
|
|
refmap
via4
|
auscert | AA-2000.02 | bid | 1387 | bugtraq | - 20000622 WuFTPD: Providing *remote* root since at least1994
- 20000623 WUFTPD 2.6.0 remote root exploit
- 20000623 ftpd: the advisory version
- 20000702 [Security Announce] wu-ftpd update
- 20000707 New Released Version of the WuFTPD Sploit
- 20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)
- 20000929 [slackware-security] wuftpd vulnerability - Slackware 4.0, 7.0, 7.1, -current
| caldera | CSSA-2000-020.0 | cert | CA-2000-13 | debian | 20000623 | freebsd | FreeBSD-SA-00:29 | netbsd | NetBSD-SA2000-009 | xf | - wuftp-format-string-stack-overwrite
- wuftp-format-string-stack-overwrite(4773)
|
|
Last major update |
03-05-2018 - 01:29 |
Published |
07-07-2000 - 04:00 |
Last modified |
03-05-2018 - 01:29 |