Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    5 vulnerabilities by bftpd

    VAR-201006-0502

    Vulnerability from variot - Updated: 2022-05-17 01:58

    Bftpd is a small FTP server. When bftpd handles anonymous logins, the ROOTDIR option specified in the configuration file may be ignored, allowing users to bypass the restrictions to gain read and write access to any file or directory on the system. Bftpd is prone to a security-bypass vulnerability that arises due to an access-validation error. Exploiting this issue can allow an attacker to download or upload arbitrary files outside of the FTP server root directory. This may aid in further attacks. The issue affects versions prior to Bftpd 2.9

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201006-0502",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "bftpd",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "bftpd",
            "version": "2.x"
          },
          {
            "model": "bftpd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bftpd",
            "version": "2.2.1"
          },
          {
            "model": "bftpd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bftpd",
            "version": "2.8"
          },
          {
            "model": "bftpd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bftpd",
            "version": "2.4"
          },
          {
            "model": "bftpd",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "bftpd",
            "version": "2.9"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2010-3500"
          },
          {
            "db": "BID",
            "id": "40540"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Paul Laufer",
        "sources": [
          {
            "db": "BID",
            "id": "40540"
          }
        ],
        "trust": 0.3
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2010-3500",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "CNVD",
                "id": "CNVD-2010-3500",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2010-3500"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Bftpd is a small FTP server. When bftpd handles anonymous logins, the ROOTDIR option specified in the configuration file may be ignored, allowing users to bypass the restrictions to gain read and write access to any file or directory on the system. Bftpd is prone to a security-bypass vulnerability that arises due to an access-validation error. \nExploiting this issue can allow an attacker to download or upload arbitrary files outside of the FTP server root directory. This may aid in further attacks. \nThe issue affects versions prior to Bftpd 2.9",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2010-3500"
          },
          {
            "db": "BID",
            "id": "40540"
          }
        ],
        "trust": 0.81
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "40540",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3500",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2010-3500"
          },
          {
            "db": "BID",
            "id": "40540"
          }
        ]
      },
      "id": "VAR-201006-0502",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2010-3500"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2010-3500"
          }
        ]
      },
      "last_update_date": "2022-05-17T01:58:05.120000Z",
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/40540/info"
          },
          {
            "trust": 0.3,
            "url": "http://bftpd.sourceforge.net/index.html"
          },
          {
            "trust": 0.3,
            "url": "http://bftpd.sourceforge.net/news.html"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2010-3500"
          },
          {
            "db": "BID",
            "id": "40540"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2010-3500"
          },
          {
            "db": "BID",
            "id": "40540"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2010-06-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-3500"
          },
          {
            "date": "2010-06-02T00:00:00",
            "db": "BID",
            "id": "40540"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2010-06-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-3500"
          },
          {
            "date": "2010-06-02T00:00:00",
            "db": "BID",
            "id": "40540"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "40540"
          }
        ],
        "trust": 0.3
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Bftpd anonymous account bypass ROOTDIR security restriction vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2010-3500"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Access Validation Error",
        "sources": [
          {
            "db": "BID",
            "id": "40540"
          }
        ],
        "trust": 0.3
      }
    }

    CVE-2007-2051 (GCVE-0-2007-2051)

    Vulnerability from nvd – Published: 2007-04-16 22:00 – Updated: 2024-08-07 13:23
    VLAI
    Summary
    Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/34890 vdb-entryx_refsource_OSVDB
    http://sourceforge.net/project/shownotes.php?rele… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/1347 vdb-entryx_refsource_VUPEN
    Date Public
    2007-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:23:49.598Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "34890",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34890"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?release_id=500238\u0026group_id=32077"
              },
              {
                "name": "ADV-2007-1347",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1347"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-13T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "34890",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34890"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=500238\u0026group_id=32077"
            },
            {
              "name": "ADV-2007-1347",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1347"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2051",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "34890",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34890"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?release_id=500238\u0026group_id=32077",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?release_id=500238\u0026group_id=32077"
                },
                {
                  "name": "ADV-2007-1347",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1347"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2051",
        "datePublished": "2007-04-16T22:00:00.000Z",
        "dateReserved": "2007-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:23:49.598Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2010 (GCVE-0-2007-2010)

    Vulnerability from nvd – Published: 2007-04-12 19:00 – Updated: 2024-08-07 13:13
    VLAI
    Summary
    Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/23406 vdb-entryx_refsource_BID
    http://osvdb.org/34889 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/24864 third-party-advisoryx_refsource_SECUNIA
    http://bftpd.sourceforge.net/downloads/CHANGELOG x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/1347 vdb-entryx_refsource_VUPEN
    http://bftpd.sourceforge.net/ x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2007-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:13:41.977Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "23406",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23406"
              },
              {
                "name": "34889",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34889"
              },
              {
                "name": "24864",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24864"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bftpd.sourceforge.net/downloads/CHANGELOG"
              },
              {
                "name": "ADV-2007-1347",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1347"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bftpd.sourceforge.net/"
              },
              {
                "name": "bftpd-getmget-dos(33594)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33594"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "23406",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23406"
            },
            {
              "name": "34889",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34889"
            },
            {
              "name": "24864",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24864"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bftpd.sourceforge.net/downloads/CHANGELOG"
            },
            {
              "name": "ADV-2007-1347",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1347"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bftpd.sourceforge.net/"
            },
            {
              "name": "bftpd-getmget-dos(33594)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33594"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2010",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "23406",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23406"
                },
                {
                  "name": "34889",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34889"
                },
                {
                  "name": "24864",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24864"
                },
                {
                  "name": "http://bftpd.sourceforge.net/downloads/CHANGELOG",
                  "refsource": "CONFIRM",
                  "url": "http://bftpd.sourceforge.net/downloads/CHANGELOG"
                },
                {
                  "name": "ADV-2007-1347",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1347"
                },
                {
                  "name": "http://bftpd.sourceforge.net/",
                  "refsource": "CONFIRM",
                  "url": "http://bftpd.sourceforge.net/"
                },
                {
                  "name": "bftpd-getmget-dos(33594)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33594"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2010",
        "datePublished": "2007-04-12T19:00:00.000Z",
        "dateReserved": "2007-04-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:13:41.977Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2051 (GCVE-0-2007-2051)

    Vulnerability from cvelistv5 – Published: 2007-04-16 22:00 – Updated: 2024-08-07 13:23
    VLAI
    Summary
    Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/34890 vdb-entryx_refsource_OSVDB
    http://sourceforge.net/project/shownotes.php?rele… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/1347 vdb-entryx_refsource_VUPEN
    Date Public
    2007-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:23:49.598Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "34890",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34890"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?release_id=500238\u0026group_id=32077"
              },
              {
                "name": "ADV-2007-1347",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1347"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-13T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "34890",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34890"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=500238\u0026group_id=32077"
            },
            {
              "name": "ADV-2007-1347",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1347"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2051",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "34890",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34890"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?release_id=500238\u0026group_id=32077",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?release_id=500238\u0026group_id=32077"
                },
                {
                  "name": "ADV-2007-1347",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1347"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2051",
        "datePublished": "2007-04-16T22:00:00.000Z",
        "dateReserved": "2007-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:23:49.598Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2010 (GCVE-0-2007-2010)

    Vulnerability from cvelistv5 – Published: 2007-04-12 19:00 – Updated: 2024-08-07 13:13
    VLAI
    Summary
    Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/23406 vdb-entryx_refsource_BID
    http://osvdb.org/34889 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/24864 third-party-advisoryx_refsource_SECUNIA
    http://bftpd.sourceforge.net/downloads/CHANGELOG x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/1347 vdb-entryx_refsource_VUPEN
    http://bftpd.sourceforge.net/ x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2007-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:13:41.977Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "23406",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23406"
              },
              {
                "name": "34889",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34889"
              },
              {
                "name": "24864",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24864"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bftpd.sourceforge.net/downloads/CHANGELOG"
              },
              {
                "name": "ADV-2007-1347",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1347"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bftpd.sourceforge.net/"
              },
              {
                "name": "bftpd-getmget-dos(33594)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33594"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "23406",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23406"
            },
            {
              "name": "34889",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34889"
            },
            {
              "name": "24864",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24864"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bftpd.sourceforge.net/downloads/CHANGELOG"
            },
            {
              "name": "ADV-2007-1347",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1347"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bftpd.sourceforge.net/"
            },
            {
              "name": "bftpd-getmget-dos(33594)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33594"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2010",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "23406",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23406"
                },
                {
                  "name": "34889",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34889"
                },
                {
                  "name": "24864",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24864"
                },
                {
                  "name": "http://bftpd.sourceforge.net/downloads/CHANGELOG",
                  "refsource": "CONFIRM",
                  "url": "http://bftpd.sourceforge.net/downloads/CHANGELOG"
                },
                {
                  "name": "ADV-2007-1347",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1347"
                },
                {
                  "name": "http://bftpd.sourceforge.net/",
                  "refsource": "CONFIRM",
                  "url": "http://bftpd.sourceforge.net/"
                },
                {
                  "name": "bftpd-getmget-dos(33594)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33594"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2010",
        "datePublished": "2007-04-12T19:00:00.000Z",
        "dateReserved": "2007-04-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:13:41.977Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }