Vulnerability Name: CVE-2003-0466 (CCN-12785) Assigned: 2003-07-31 Published: 2003-07-31 Updated: 2018-05-03 Summary: Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-Other Vulnerability Consequences: Gain Privileges References: Source: CCNSingle byte buffer overflow in realpath(3) NetBSD-SA2003-011.txt.asc OpenLinux: wu-ftpd fb_realpath() off-by-one bug OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : wu-ftpd fb_realpath() off-by-one bug wu-ftpd fb_realpath() off-by-one bug Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3) off-by-one error in realpath(3) 20030731 wu-ftpd fb_realpath() off-by-one bug CVE-2003-0466 Security Update 2003-08-14 v.1.0 (Server):Information and Download Security Update 2003-08-14 IMNX-2003-7+-019-01 http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt 20030731 wu-ftpd fb_realpath() off-by-one bug FreeBSD-SA-03:08 20030804 wu-ftpd-2.6.2 off-by-one remote exploit. 20030804 Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3) Updated wu-ftpd packages fix remote vulnerability. wu-ftpd security update FreeBSD "realpath()" Buffer Overflow Vulnerability 9423 NetBSD "realpath()" Buffer Overflow Vulnerability 9446 OpenBSD "realpath()" Buffer Overflow Vulnerability 9447 Mac OS X "fb_realpath()" Buffer Overflow Vulnerability 9535 (FreeBSD Issues Fix) libc Off-by-One Overflow in realpath() May Let Remote Users Execute Arbitrary Code 1007380 1001257 Wu-ftpd Buffer Overflow Vulnerability DSA-357 wu-ftpd -- remote root exploit realpath(3) function contains off-by-one buffer overflow VU#743092 MDKSA-2003:080 SuSE-SA:2003:032 off-by-one error in realpath(3) 6602 Multiple BSD libc realpath() Off-by-one Overflow RHSA-2003:245 RHSA-2003:246 Off-by-One Error in realpath() (Exploit) 20060213 Latest wu-ftpd exploit :-s 20060214 Re: Latest wu-ftpd exploit :-s 8315 Multiple Vendor C Library realpath() Off-By-One Buffer Overflow Vulnerability Security Vulnerability in the Solaris 9 in.ftpd(1M) Server May Allow Unauthorized "root" Access Sun Linux 5.0 Security Vulnerability in "wu-ftpd" May Allow Unauthorized Root Access Wu-ftpd fb_realpath() off-by-one bug TLSA-2003-46 WU-FTPD Development Group libc-realpath-offbyone-bo(12785) libc-realpath-offbyone-bo(12785) oval:org.mitre.oval:def:1970 wuftpd: remote buffer overflow Vulnerable Configuration: Configuration 1 :cpe:/a:redhat:wu_ftpd:2.6.1-16:*:i386:*:*:*:*:* OR cpe:/a:redhat:wu_ftpd:2.6.1-16:*:powerpc:*:*:*:*:* OR cpe:/a:redhat:wu_ftpd:2.6.1-18:*:i386:*:*:*:*:* OR cpe:/a:redhat:wu_ftpd:2.6.1-18:*:ia64:*:*:*:*:* OR cpe:/a:redhat:wu_ftpd:2.6.2-5:*:i386:*:*:*:*:* OR cpe:/a:redhat:wu_ftpd:2.6.2-8:*:i386:*:*:*:*:* OR cpe:/a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:* OR cpe:/a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:* OR cpe:/a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:* OR cpe:/a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:* Configuration 2 :cpe:/o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.0:*:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.0:alpha:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.1:*:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.1.1:release:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.1.1:stable:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.2:*:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.2:stable:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.3:-:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.3:release:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.3:releng:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.3:stable:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.4:-:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.4:releng:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.4:stable:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.5:-:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.5:release:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.5:stable:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.6:-:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.6:release:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.6:stable:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.6.2:-:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.7:-:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.7:release:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.7:stable:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.8:-:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.8:pre-release:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:5.0:-:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:5.0:alpha:*:*:*:*:*:* OR cpe:/o:netbsd:netbsd:1.5:*:*:*:*:*:*:* OR cpe:/o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:* OR cpe:/o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:* OR cpe:/o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:* OR cpe:/o:netbsd:netbsd:1.6:*:*:*:*:*:*:* OR cpe:/o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:* OR cpe:/o:openbsd:openbsd:2.0:*:*:*:*:*:*:* OR cpe:/o:openbsd:openbsd:2.1:*:*:*:*:*:*:* OR cpe:/o:openbsd:openbsd:2.2:*:*:*:*:*:*:* OR cpe:/o:openbsd:openbsd:2.3:*:*:*:*:*:*:* OR cpe:/o:openbsd:openbsd:2.4:*:*:*:*:*:*:* OR cpe:/o:openbsd:openbsd:2.5:*:*:*:*:*:*:* OR cpe:/o:openbsd:openbsd:2.6:*:*:*:*:*:*:* OR cpe:/o:openbsd:openbsd:2.7:*:*:*:*:*:*:* OR cpe:/o:openbsd:openbsd:2.8:*:*:*:*:*:*:* OR cpe:/o:openbsd:openbsd:2.9:*:*:*:*:*:*:* OR cpe:/o:openbsd:openbsd:3.0:*:*:*:*:*:*:* OR cpe:/o:openbsd:openbsd:3.1:*:*:*:*:*:*:* OR cpe:/o:openbsd:openbsd:3.2:*:*:*:*:*:*:* OR cpe:/o:openbsd:openbsd:3.3:*:*:*:*:*:*:* OR cpe:/o:sun:solaris:9.0:*:sparc:*:*:*:*:* OR cpe:/o:sun:solaris:9.0:*:x86:*:*:*:*:* Configuration CCN 1 :cpe:/a:washington_university:wu-ftpd:2.5:*:*:*:*:*:*:* OR cpe:/a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:* OR cpe:/a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:* OR cpe:/a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:* AND cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.0:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:* OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.1:*:*:*:*:*:*:* OR cpe:/o:netbsd:netbsd:1.5:*:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.2:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.3:-:*:*:*:*:*:* OR cpe:/o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.4:-:*:*:*:*:*:* OR cpe:/o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:* OR cpe:/a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.5:-:*:*:*:*:*:* OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:* OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.6:-:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.6.1:release_p10:*:*:*:*:*:* OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:* OR cpe:/o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:* OR cpe:/o:netbsd:netbsd:1.6:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:* OR cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:* OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:* OR cpe:/o:turbolinux:turbolinux_server:6.1:*:*:*:*:*:*:* OR cpe:/o:turbolinux:turbolinux:6.0:*:*:*:workstation:*:*:* OR cpe:/o:freebsd:freebsd:4.7:-:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR cpe:/o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:8.2::ppc:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.6.2:-:*:*:*:*:*:* Oval Definitions BACK
redhat wu ftpd 2.6.1-16
redhat wu ftpd 2.6.1-16
redhat wu ftpd 2.6.1-18
redhat wu ftpd 2.6.1-18
redhat wu ftpd 2.6.2-5
redhat wu ftpd 2.6.2-8
washington_university wu-ftpd 2.5.0
washington_university wu-ftpd 2.6.0
washington_university wu-ftpd 2.6.1
washington_university wu-ftpd 2.6.2
apple mac os x 10.2.6
apple mac os x server 10.2.6
freebsd freebsd 4.0
freebsd freebsd 4.0 alpha
freebsd freebsd 4.1
freebsd freebsd 4.1.1
freebsd freebsd 4.1.1 release
freebsd freebsd 4.1.1 stable
freebsd freebsd 4.2
freebsd freebsd 4.2 stable
freebsd freebsd 4.3
freebsd freebsd 4.3 release
freebsd freebsd 4.3 releng
freebsd freebsd 4.3 stable
freebsd freebsd 4.4
freebsd freebsd 4.4 releng
freebsd freebsd 4.4 stable
freebsd freebsd 4.5
freebsd freebsd 4.5 release
freebsd freebsd 4.5 stable
freebsd freebsd 4.6
freebsd freebsd 4.6 release
freebsd freebsd 4.6 stable
freebsd freebsd 4.6.2
freebsd freebsd 4.7
freebsd freebsd 4.7 release
freebsd freebsd 4.7 stable
freebsd freebsd 4.8
freebsd freebsd 4.8 pre-release
freebsd freebsd 5.0
freebsd freebsd 5.0 alpha
netbsd netbsd 1.5
netbsd netbsd 1.5.1
netbsd netbsd 1.5.2
netbsd netbsd 1.5.3
netbsd netbsd 1.6
netbsd netbsd 1.6.1
openbsd openbsd 2.0
openbsd openbsd 2.1
openbsd openbsd 2.2
openbsd openbsd 2.3
openbsd openbsd 2.4
openbsd openbsd 2.5
openbsd openbsd 2.6
openbsd openbsd 2.7
openbsd openbsd 2.8
openbsd openbsd 2.9
openbsd openbsd 3.0
openbsd openbsd 3.1
openbsd openbsd 3.2
openbsd openbsd 3.3
sun solaris 9.0
sun solaris 9.0
washington_university wu-ftpd 2.5
washington_university wu-ftpd 2.6.0
washington_university wu-ftpd 2.6.2
washington_university wu-ftpd 2.6.1
hp hp-ux 11.00
freebsd freebsd 4.0
redhat linux 7
freebsd freebsd 4.1.1
hp hp-ux 11.11
freebsd freebsd 4.1
netbsd netbsd 1.5
freebsd freebsd 4.2
redhat linux 7.1
suse suse linux 7.2
freebsd freebsd 4.3
netbsd netbsd 1.5.1
redhat linux 7.2
suse suse linux 7.3
freebsd freebsd 4.4
netbsd netbsd 1.5.2
suse suse linux connectivity server *
mandrakesoft mandrake linux 8.2
redhat linux 7.3
freebsd freebsd 4.5
sun solaris 9
debian debian linux 3.0
freebsd freebsd 4.6
freebsd freebsd 4.6.1 release_p10
suse suse linux office server *
netbsd netbsd 1.5.3
netbsd netbsd 1.6
redhat linux 8.0
hp hp-ux 11.22
suse linux enterprise server 8
turbolinux turbolinux server 6.1
turbolinux turbolinux workstation 6.0
freebsd freebsd 4.7
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
netbsd netbsd 1.6.1
redhat linux advanced workstation 2.1
mandrakesoft mandrake linux 8.2
freebsd freebsd 4.6.2
Denotes that component is vulnerable