Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
5 vulnerabilities by bftpd
VAR-201006-0502
Vulnerability from variot - Updated: 2022-05-17 01:58Bftpd is a small FTP server. When bftpd handles anonymous logins, the ROOTDIR option specified in the configuration file may be ignored, allowing users to bypass the restrictions to gain read and write access to any file or directory on the system. Bftpd is prone to a security-bypass vulnerability that arises due to an access-validation error. Exploiting this issue can allow an attacker to download or upload arbitrary files outside of the FTP server root directory. This may aid in further attacks. The issue affects versions prior to Bftpd 2.9
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201006-0502",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bftpd",
"scope": "eq",
"trust": 0.6,
"vendor": "bftpd",
"version": "2.x"
},
{
"model": "bftpd",
"scope": "eq",
"trust": 0.3,
"vendor": "bftpd",
"version": "2.2.1"
},
{
"model": "bftpd",
"scope": "eq",
"trust": 0.3,
"vendor": "bftpd",
"version": "2.8"
},
{
"model": "bftpd",
"scope": "eq",
"trust": 0.3,
"vendor": "bftpd",
"version": "2.4"
},
{
"model": "bftpd",
"scope": "ne",
"trust": 0.3,
"vendor": "bftpd",
"version": "2.9"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3500"
},
{
"db": "BID",
"id": "40540"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Paul Laufer",
"sources": [
{
"db": "BID",
"id": "40540"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2010-3500",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2010-3500",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3500"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bftpd is a small FTP server. When bftpd handles anonymous logins, the ROOTDIR option specified in the configuration file may be ignored, allowing users to bypass the restrictions to gain read and write access to any file or directory on the system. Bftpd is prone to a security-bypass vulnerability that arises due to an access-validation error. \nExploiting this issue can allow an attacker to download or upload arbitrary files outside of the FTP server root directory. This may aid in further attacks. \nThe issue affects versions prior to Bftpd 2.9",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3500"
},
{
"db": "BID",
"id": "40540"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "40540",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2010-3500",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3500"
},
{
"db": "BID",
"id": "40540"
}
]
},
"id": "VAR-201006-0502",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3500"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3500"
}
]
},
"last_update_date": "2022-05-17T01:58:05.120000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/40540/info"
},
{
"trust": 0.3,
"url": "http://bftpd.sourceforge.net/index.html"
},
{
"trust": 0.3,
"url": "http://bftpd.sourceforge.net/news.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3500"
},
{
"db": "BID",
"id": "40540"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-3500"
},
{
"db": "BID",
"id": "40540"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3500"
},
{
"date": "2010-06-02T00:00:00",
"db": "BID",
"id": "40540"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3500"
},
{
"date": "2010-06-02T00:00:00",
"db": "BID",
"id": "40540"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "40540"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bftpd anonymous account bypass ROOTDIR security restriction vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3500"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access Validation Error",
"sources": [
{
"db": "BID",
"id": "40540"
}
],
"trust": 0.3
}
}
CVE-2007-2051 (GCVE-0-2007-2051)
Vulnerability from nvd – Published: 2007-04-16 22:00 – Updated: 2024-08-07 13:23
VLAI
EPSS
VEX
Summary
Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://osvdb.org/34890 | vdb-entryx_refsource_OSVDB |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/1347 | vdb-entryx_refsource_VUPEN |
Date Public
2007-04-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:49.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=500238\u0026group_id=32077"
},
{
"name": "ADV-2007-1347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1347"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-13T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=500238\u0026group_id=32077"
},
{
"name": "ADV-2007-1347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1347"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34890",
"refsource": "OSVDB",
"url": "http://osvdb.org/34890"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=500238\u0026group_id=32077",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=500238\u0026group_id=32077"
},
{
"name": "ADV-2007-1347",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1347"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2051",
"datePublished": "2007-04-16T22:00:00.000Z",
"dateReserved": "2007-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:23:49.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2010 (GCVE-0-2007-2010)
Vulnerability from nvd – Published: 2007-04-12 19:00 – Updated: 2024-08-07 13:13
VLAI
EPSS
VEX
Summary
Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/23406 | vdb-entryx_refsource_BID |
| http://osvdb.org/34889 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/24864 | third-party-advisoryx_refsource_SECUNIA |
| http://bftpd.sourceforge.net/downloads/CHANGELOG | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/1347 | vdb-entryx_refsource_VUPEN |
| http://bftpd.sourceforge.net/ | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-04-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:13:41.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23406",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23406"
},
{
"name": "34889",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34889"
},
{
"name": "24864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24864"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bftpd.sourceforge.net/downloads/CHANGELOG"
},
{
"name": "ADV-2007-1347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1347"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bftpd.sourceforge.net/"
},
{
"name": "bftpd-getmget-dos(33594)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33594"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23406",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23406"
},
{
"name": "34889",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34889"
},
{
"name": "24864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24864"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bftpd.sourceforge.net/downloads/CHANGELOG"
},
{
"name": "ADV-2007-1347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1347"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bftpd.sourceforge.net/"
},
{
"name": "bftpd-getmget-dos(33594)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33594"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23406",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23406"
},
{
"name": "34889",
"refsource": "OSVDB",
"url": "http://osvdb.org/34889"
},
{
"name": "24864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24864"
},
{
"name": "http://bftpd.sourceforge.net/downloads/CHANGELOG",
"refsource": "CONFIRM",
"url": "http://bftpd.sourceforge.net/downloads/CHANGELOG"
},
{
"name": "ADV-2007-1347",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1347"
},
{
"name": "http://bftpd.sourceforge.net/",
"refsource": "CONFIRM",
"url": "http://bftpd.sourceforge.net/"
},
{
"name": "bftpd-getmget-dos(33594)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33594"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2010",
"datePublished": "2007-04-12T19:00:00.000Z",
"dateReserved": "2007-04-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:13:41.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2051 (GCVE-0-2007-2051)
Vulnerability from cvelistv5 – Published: 2007-04-16 22:00 – Updated: 2024-08-07 13:23
VLAI
EPSS
VEX
Summary
Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://osvdb.org/34890 | vdb-entryx_refsource_OSVDB |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/1347 | vdb-entryx_refsource_VUPEN |
Date Public
2007-04-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:49.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=500238\u0026group_id=32077"
},
{
"name": "ADV-2007-1347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1347"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-13T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=500238\u0026group_id=32077"
},
{
"name": "ADV-2007-1347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1347"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34890",
"refsource": "OSVDB",
"url": "http://osvdb.org/34890"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=500238\u0026group_id=32077",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=500238\u0026group_id=32077"
},
{
"name": "ADV-2007-1347",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1347"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2051",
"datePublished": "2007-04-16T22:00:00.000Z",
"dateReserved": "2007-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:23:49.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2010 (GCVE-0-2007-2010)
Vulnerability from cvelistv5 – Published: 2007-04-12 19:00 – Updated: 2024-08-07 13:13
VLAI
EPSS
VEX
Summary
Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/23406 | vdb-entryx_refsource_BID |
| http://osvdb.org/34889 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/24864 | third-party-advisoryx_refsource_SECUNIA |
| http://bftpd.sourceforge.net/downloads/CHANGELOG | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/1347 | vdb-entryx_refsource_VUPEN |
| http://bftpd.sourceforge.net/ | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-04-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:13:41.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23406",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23406"
},
{
"name": "34889",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34889"
},
{
"name": "24864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24864"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bftpd.sourceforge.net/downloads/CHANGELOG"
},
{
"name": "ADV-2007-1347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1347"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bftpd.sourceforge.net/"
},
{
"name": "bftpd-getmget-dos(33594)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33594"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23406",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23406"
},
{
"name": "34889",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34889"
},
{
"name": "24864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24864"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bftpd.sourceforge.net/downloads/CHANGELOG"
},
{
"name": "ADV-2007-1347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1347"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bftpd.sourceforge.net/"
},
{
"name": "bftpd-getmget-dos(33594)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33594"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23406",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23406"
},
{
"name": "34889",
"refsource": "OSVDB",
"url": "http://osvdb.org/34889"
},
{
"name": "24864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24864"
},
{
"name": "http://bftpd.sourceforge.net/downloads/CHANGELOG",
"refsource": "CONFIRM",
"url": "http://bftpd.sourceforge.net/downloads/CHANGELOG"
},
{
"name": "ADV-2007-1347",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1347"
},
{
"name": "http://bftpd.sourceforge.net/",
"refsource": "CONFIRM",
"url": "http://bftpd.sourceforge.net/"
},
{
"name": "bftpd-getmget-dos(33594)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33594"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2010",
"datePublished": "2007-04-12T19:00:00.000Z",
"dateReserved": "2007-04-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:13:41.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}