| Vulnerability Name: | CVE-2001-0248 (CCN-6332) |
| Assigned: | 2001-04-09 |
| Published: | 2001-04-09 |
| Updated: | 2017-12-19 |
| Summary: | Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.
|
| CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required | | Scope: | Scope (S): Changed
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
|
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.5 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
| | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
|
| Vulnerability Type: | CWE-Other
|
| Vulnerability Consequences: | Gain Privileges |
| References: | Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-01:33
globbing vulnerability in ftpd
Source: CCN
Type: NetBSD Security Advisory 2000-018
One-byte buffer overrun in ftpd
Source: CCN
Type: SGI Security Advisory 20010802-01-P
File globbing vulnerability in ftpd
Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2001-SCO.27
UnixWare 7: ftpd glob security
Source: CCN
Type: Compaq SECURITY BULLETIN SSRT-547
HP Tru64 UNIX Potential Security Vulnerabilities TCP/IP, FTPD, ARP
Source: MITRE
Type: CNA
CVE-2001-0247
Source: MITRE
Type: CNA
CVE-2001-0248
Source: MITRE
Type: CNA
CVE-2001-0249
Source: CCN
Type: NetBSD Security Advisory 2001-005
Ftpd denial of service and remote buffer overflow
Source: CCN
Type: Network Associates, Inc. COVERT Labs Security Advisory #48
Globbing Vulnerabilities in Multiple FTP Daemons
Source: CCN
Type: Sun Microsystems, Inc. Security Bulletin #00205
in.ftpd
Source: CCN
Type: Kerberos Security Advisory 2001-04-25
KRB5 FTPD BUFFER OVERFLOWS
Source: CCN
Type: CERT Advisory CA-2001-07
File Globbing Vulnerabilities in Various FTP Servers
Source: CERT
Type: Patch, Third Party Advisory, US Government Resource
CA-2001-07
Source: CCN
Type: CIAC Information Bulletin L-070A
FTP Filename Expansion Vulnerability
Source: CCN
Type: CIAC Information Bulletin L-129
Sun in.ftpd Filename Expansion Vulnerability
Source: CCN
Type: CIAC Information Bulletin L-135
SGI File Globbing Vulnerability in ftpd
Source: CCN
Type: US-CERT VU#808552
Multiple ftpd implementations contain buffer overflows
Source: NAI
Type: UNKNOWN
20010409 Globbing Vulnerabilities in Multiple FTP Daemons
Source: CCN
Type: OSVDB ID: 13838
HP-UX FTP Server STAT Command Pathname Glob Arbitrary Command Execution
Source: CCN
Type: OSVDB ID: 537
BSD Based FTP Server Multiple glob Function Remote Overflow
Source: CCN
Type: OSVDB ID: 8681
Solaris FTP Daemon LIST Glob Arbitrary Command Execution
Source: CCN
Type: BID-2548
Multiple Vendor BSD ftpd glob() Buffer Overflow Vulnerabilities
Source: CCN
Type: BID-2550
Solaris ftpd glob() Expansion LIST Heap Overflow Vulnerability
Source: BID
Type: Exploit, Patch, Vendor Advisory
2552
Source: CCN
Type: BID-2552
HP-UX ftpd glob() Expansion STAT Buffer Overflow Vulnerability
Source: XF
Type: UNKNOWN
ftp-glob-expansion(6332)
Source: XF
Type: UNKNOWN
ftp-glob-expansion(6332)
|
| Vulnerable Configuration: | Configuration 1:
cpe:/o:hp:hp-ux:10.00:*:*:*:*:*:*:*OR cpe:/o:hp:hp-ux:10.10:*:*:*:*:*:*:*OR cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*OR cpe:/o:hp:hp-ux:10.30:*:*:*:*:*:*:*OR cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/o:sgi:irix:6.5:*:*:*:*:*:*:*OR cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.1:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.2:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.3:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.4:*:*:*:*:*:*:*OR cpe:/o:compaq:tru64:4.0f:*:*:*:*:*:*:*OR cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*OR cpe:/o:openbsd:openbsd:2.8:*:*:*:*:*:*:*OR cpe:/o:compaq:tru64:4.0g:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.7:*:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:4.2:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.5:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.6:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.8:*:*:*:*:*:*:*OR cpe:/o:compaq:tru64:5.0a:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.9:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.10:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.11:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.12:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.13:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.14:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.15:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.16:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.19:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.20:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.21:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.24:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.22:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.23:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.25:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.22m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.21m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.21f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.26:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.27:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.10f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.10m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.11f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.11m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.12f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.12m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.13f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.13m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.14f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.14m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.15f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.15m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.16f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.16m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.17:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.17f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.17m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.18:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.18f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.18m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.19f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.19m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.20f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.20m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.2f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.2m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.3f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.3m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.4f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.4m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.5f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.5m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.6f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.6m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.7f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.7m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.8f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.8m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.9f:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5.9m:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:6.5_20:*:*:*:*:*:*:*AND cpe:/o:netbsd:netbsd:*:*:*:*:*:*:*:*OR cpe:/a:mit:kerberos:*:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |