ID CVE-2004-0340
Summary Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands.
References
Vulnerable Configurations
  • cpe:2.3:a:texas_imperial_software:wftpd:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:texas_imperial_software:wftpd:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:texas_imperial_software:wftpd:3.0:*:pro:*:*:*:*:*
    cpe:2.3:a:texas_imperial_software:wftpd:3.0:*:pro:*:*:*:*:*
  • cpe:2.3:a:texas_imperial_software:wftpd:3.0_0r3:*:*:*:*:*:*:*
    cpe:2.3:a:texas_imperial_software:wftpd:3.0_0r3:*:*:*:*:*:*:*
  • cpe:2.3:a:texas_imperial_software:wftpd:3.0_0r4:*:*:*:*:*:*:*
    cpe:2.3:a:texas_imperial_software:wftpd:3.0_0r4:*:*:*:*:*:*:*
  • cpe:2.3:a:texas_imperial_software:wftpd:3.0_0r4:*:pro:*:*:*:*:*
    cpe:2.3:a:texas_imperial_software:wftpd:3.0_0r4:*:pro:*:*:*:*:*
  • cpe:2.3:a:texas_imperial_software:wftpd:3.0_0r5:*:*:*:*:*:*:*
    cpe:2.3:a:texas_imperial_software:wftpd:3.0_0r5:*:*:*:*:*:*:*
  • cpe:2.3:a:texas_imperial_software:wftpd:3.0_0r5:*:pro:*:*:*:*:*
    cpe:2.3:a:texas_imperial_software:wftpd:3.0_0r5:*:pro:*:*:*:*:*
  • cpe:2.3:a:texas_imperial_software:wftpd:3.10_r1:*:*:*:*:*:*:*
    cpe:2.3:a:texas_imperial_software:wftpd:3.10_r1:*:*:*:*:*:*:*
  • cpe:2.3:a:texas_imperial_software:wftpd:3.20:*:*:*:*:*:*:*
    cpe:2.3:a:texas_imperial_software:wftpd:3.20:*:*:*:*:*:*:*
  • cpe:2.3:a:texas_imperial_software:wftpd:3.21:*:*:*:*:*:*:*
    cpe:2.3:a:texas_imperial_software:wftpd:3.21:*:*:*:*:*:*:*
  • cpe:2.3:a:texas_imperial_software:wftpd:pro_3.10_r1:*:*:*:*:*:*:*
    cpe:2.3:a:texas_imperial_software:wftpd:pro_3.10_r1:*:*:*:*:*:*:*
  • cpe:2.3:a:texas_imperial_software:wftpd:pro_3.20:*:*:*:*:*:*:*
    cpe:2.3:a:texas_imperial_software:wftpd:pro_3.20:*:*:*:*:*:*:*
  • cpe:2.3:a:texas_imperial_software:wftpd:pro_3.21:*:*:*:*:*:*:*
    cpe:2.3:a:texas_imperial_software:wftpd:pro_3.21:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 9767
bugtraq 20040228 Critical WFTPD buffer overflow vulnerability
secunia 11001
xf wftpd-ftp-commands-bo(15340)
Last major update 11-07-2017 - 01:30
Published 23-11-2004 - 05:00
Last modified 11-07-2017 - 01:30
Back to Top