Vulnerability Name: CVE-2001-0775 (CCN-6821)

Assigned: 2001-07-10
Published: 2001-07-10
Updated: 2016-05-20
Summary: Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long (1) Firstname or (2) Lastname field.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): Low
  Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:
Source: CCN
Type: BugTraq Mailing List, Tue Jul 10 2001 - 04:58:48 CDT
xloadimage remote exploit - tstot.c

Source: MITRE
Type: CNA
CVE-2001-0775

Source: CCN
Type: Conectiva Linux Announcement CLSA-2001:415
Remote vulnerability in xloadimage

Source: CCN
Type: RHSA-2001-088
New xloadimage packages available

Source: DEBIAN
Type: UNKNOWN
DSA-069

Source: DEBIAN
Type: UNKNOWN
DSA-695

Source: DEBIAN
Type: DSA-069
xloadimage -- buffer overflow

Source: DEBIAN
Type: DSA-695
xli -- buffer overflow

Source: CCN
Type: GLSA-200503-05
xli, xloadimage: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200503-05

Source: XF
Type: UNKNOWN
xloadimage-faces-bo(6821)

Source: SUSE
Type: UNKNOWN
SA:2001:024

Source: CCN
Type: OSVDB ID: 13969
xloadimage FACES Format Image Multiple Parameter Overflow

Source: CCN
Type: OSVDB ID: 14403
xli FACES Format Image Multiple Parameter Overflow

Source: REDHAT
Type: UNKNOWN
RHSA-2001:088

Source: BUGTRAQ
Type: Exploit, Patch, Vendor Advisory
20010710 xloadimage remote exploit - tstot.c

Source: BID
Type: Exploit, Patch, Vendor Advisory
3006

Source: CCN
Type: BID-3006
xloadimage Buffer Overflow Vulnerability

Source: CCN
Type: SuSE Security Announcement SuSE-SA:2001:024
xli/xloadimage

Source: CCN
Type: TLSA-2005-43
Sanitization bug

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:xli:xli:1.16:*:*:*:*:*:*:*
  • OR cpe:/a:xli:xli:1.17:*:*:*:*:*:*:*
  • OR cpe:/a:xloadimage:xloadimage:4.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.4:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.0es:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.1:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:prg_graficos:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:ecommerce:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:8:*:*:*:server:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:8:*:*:*:workstation:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:7:*:*:*:server:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:7:*:*:*:workstation:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:10:*:*:*:desktop:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:10:*:*:*:server:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.debian:def:695 | V | buffer overflow, input sanitising, integer overflow | 2005-03-21
oval:org.debian:def:69 | V | buffer overflow | 2001-08-09