| Vulnerability Name: | CVE-2001-0550 (CCN-7611) | ||||||||
| Assigned: | 2001-11-27 | ||||||||
| Published: | 2001-11-27 | ||||||||
| Updated: | 2018-05-03 | ||||||||
| Summary: | wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob). | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: CCN Type: FreeBSD Security Advisory FreeBSD-SA-01:64 wu-ftpd port contains remote root compromise Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-2001-041.0 Linux - Vulnerability in wu-ftpd Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-2002-SCO.1 OpenServer: wu-ftpd ftpglob() vulnerability Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-2001-SCO.36.2 REVISED: Open UNIX, UnixWare 7: wu-ftpd ftpglob() vulnerability Source: CCN Type: BugTraq Mailing List, Wed Nov 28 2001 - 11:05:28 CST *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability Source: CCN Type: SuSE Security Announcement SuSE-SA:2001:043 wuftpd Source: CCN Type: BugTraq Mailing List, Wed Nov 28 2001 - 17:59:45 CST WU-FTPD 2.6.1 diff glob.c patch Source: CCN Type: Hewlett-Packard Company Security Bulletin HPSBUX0107-162 Security Vulnerability in ftpd and ftp Source: MITRE Type: CNA CVE-2001-0550 Source: MITRE Type: CNA CVE-2001-0935 Source: CONECTIVA Type: UNKNOWN CLA-2001:442 Source: CCN Type: Conectiva Linux Announcement CLSA-2001:442 wu-ftpd Source: CCN Type: Immunix OS Security Advisory IMNX-2001-70-036-01 wu-ftpd Source: IMMUNIX Type: UNKNOWN IMNX-2001-70-036-01 Source: BUGTRAQ Type: UNKNOWN 20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability Source: CCN Type: Vuln-Dev Mailing List, 2001-05-01 1:00:20 some ftpd implementations mishandle CWD ~{ Source: CCN Type: RHSA-2001-157 Updated wu-ftpd packages are available Source: CALDERA Type: Patch, Vendor Advisory CSSA-2001-041.0 Source: CCN Type: CERT Advisory CA-2001-33 Multiple Vulnerabilities in WU-FTPD Source: CERT Type: Patch, Third Party Advisory, US Government Resource CA-2001-33 Source: CCN Type: CIAC Information Bulletin M-023 Multiple Vendor wu-ftdp File Globbing Heap Corruption Vulnerability Source: CCN Type: CORE SECURITY TECHNOLOGIES CORE-20011001 WU-FTPD Improper Ftpglob Error Handling Vulnerability Source: DEBIAN Type: UNKNOWN DSA-087 Source: DEBIAN Type: DSA-087 wu-ftpd -- remote root exploit Source: CCN Type: Internet Security Systems Security Alert #103 WU-FTPD Heap Corruption Vulnerability Source: CCN Type: US-CERT VU#886083 WU-FTPD does not properly handle file name globbing Source: CERT-VN Type: Patch, Third Party Advisory, US Government Resource VU#886083 Source: MANDRAKE Type: UNKNOWN MDKSA-2001:090 Source: CCN Type: National Infrastructure Protection Center Advisory 01-027 "Significant Vulnerability Identified In Common Linux File Transport Protocol Program" Source: SUSE Type: UNKNOWN SuSE-SA:2001:043 Source: CCN Type: OSVDB ID: 13998 WU-FTPD Unspecified Security Issue Source: CCN Type: OSVDB ID: 686 WU-FTPD ftpglob Function Error Handling Arbitrary Code Execution Source: REDHAT Type: Patch, Vendor Advisory RHSA-2001:157 Source: VULN-DEV Type: UNKNOWN 20010430 some ftpd implementations mishandle CWD ~{ Source: BID Type: Exploit, Patch, Vendor Advisory 3581 Source: CCN Type: BID-3581 Wu-Ftpd File Globbing Heap Corruption Vulnerability Source: CCN Type: WU-FTPD Web site WU-FTPD Development Group Source: HP Type: UNKNOWN HPSBUX0107-162 Source: XF Type: UNKNOWN wuftp-glob-heap-corruption(7611) Source: XF Type: UNKNOWN wuftp-glob-heap-corruption(7611) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||