Vulnerability Name: CVE-2000-0573 (CCN-4773)
Assigned: 2000-06-22
Published: 2000-06-22
Updated: 2018-05-03
Summary: The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: AUSCERT Type: UNKNOWN AA-2000.02
Source: FREEBSD Type: UNKNOWN FreeBSD-SA-00:29
Source: NETBSD Type: UNKNOWN NetBSD-SA2000-009
Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-2000-020.0 wu-ftpd vulnerability
Source: CCN Type: SGI Security Advisory 20000701-01-I Two Input Validation Vulnerabilities in ftpd
Source: CCN Type: BugTraq Mailing List, Fri Jun 23 2000 - 04:18:22 CDT ftpd: the advisory version
Source: CCN Type: Conectiva Linux Announcement CLSA-2000:232 wu-ftpd
Source: BUGTRAQ Type: UNKNOWN 20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)
Source: BUGTRAQ Type: UNKNOWN 20000702 [Security Announce] wu-ftpd update
Source: CCN Type: BugTraq Mailing List, Fri Jul 07 2000 - 13:43:35 CDT New Released Version of the WuFTPD Sploit
Source: CCN Type: FreeBSD Security Advisory FreeBSD-SA-00:29 wu-ftpd port contains remote root compromise [REVISED]
Source: MITRE Type: CNA CVE-2000-0573
Source: BUGTRAQ Type: UNKNOWN 20000622 WuFTPD: Providing *remote* root since at least1994
Source: BUGTRAQ Type: UNKNOWN 20000623 WUFTPD 2.6.0 remote root exploit
Source: BUGTRAQ Type: UNKNOWN 20000707 New Released Version of the WuFTPD Sploit
Source: CCN Type: RHSA-2000:039-02 wu-ftpd
Source: CCN Type: AusCERT Advisory AA-2000.02 wu-ftpd "site exec" Vulnerability
Source: CALDERA Type: UNKNOWN CSSA-2000-020.0
Source: CCN Type: CERT Advisory CA-2000-13 Two Input Validation Problems In FTPD
Source: CERT Type: Patch, Third Party Advisory, US Government Resource CA-2000-13
Source: CCN Type: CIAC Information Bulletin K-054 Vulnerability in Linux wu-ftpd
Source: DEBIAN Type: Debian Security Advisory 20000623 wu-ftp: remote root exploit in wu-ftp
Source: CCN Type: US-CERT VU#29823 Format string input validation error in wu-ftpd site_exec() function
Source: CCN Type: MandrakeSoft Web site Linux-Mandrake Updates
Source: CCN Type: OpenBSD Security Advisory, July 5, 2000 Just like pretty much all the other unix ftp daemons on the planet, ftpd had a remote root hole in it.
Source: CCN Type: OSVDB ID: 11805 WU-FTPD site_exec() Function Remote Format String
Source: REDHAT Type: UNKNOWN RHSA-2000:039
Source: BID Type: UNKNOWN 1387
Source: CCN Type: BID-1387 Wu-Ftpd Remote Format String Stack Overwrite Vulnerability
Source: CCN Type: BID-1505 HP-UX 11.0 ftpd SITE EXEC Format String Vulnerability
Source: BUGTRAQ Type: UNKNOWN 20000623 ftpd: the advisory version
Source: CCN Type: SuSE Security Announcement #53 wuftpd < 2.6.0-121
Source: XF Type: UNKNOWN wuftp-format-string-stack-overwrite(4773)