Vulnerability Name: CVE-2003-1327 (CCN-13269)
Assigned: 2003-09-22
Published: 2003-09-22
Updated: 2017-07-29
Summary: Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator. Successful exploitation requires that the option "MAIL_ADMIN" has been enabled (not default), that anonymous users have write permissions on a folder, and that the program has been compiled on a system where very long paths are permitted.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: BUGTRAQ Type: UNKNOWN 20030922 Wu_ftpd all versions (not) vulnerability.
  Source: CCN Type: BugTraq Mailing List, Mon Sep 22 2003 - 07:44:16 CDT Wu_ftpd all versions (not) vulnerability.
  Source: MITRE Type: CNA CVE-2003-1327
  Source: CCN Type: SA9835 WU-FTPD "MAIL_ADMIN" Buffer Overflow Vulnerability
  Source: SECUNIA Type: Vendor Advisory 9835
  Source: CCN Type: SECTRACK ID: 1007775 wu-ftpd MAIL_ADMIN Option May Let Remote Authenticated Users Execute Arbitrary Code
  Source: SECTRACK Type: UNKNOWN 1007775
  Source: OSVDB Type: UNKNOWN 2594
  Source: CCN Type: OSVDB ID: 2594 WU-FTPD MAIL_ADMIN Function Remote Overflow
  Source: BID Type: UNKNOWN 8668
  Source: CCN Type: BID-8668 Wu-Ftpd SockPrintf() Remote Stack-based Buffer Overrun Vulnerability
  Source: CCN Type: slackware-security Mailing List, Tue, 23 Sep 2003 23:07:06 -0700 (PDT) WU-FTPD Security Advisory (SSA:2003-259-03)
  Source: SLACKWARE Type: UNKNOWN SSA:2003-259-03
  Source: CCN Type: WU-FTPD Development Group Web site WU-FTPD Development Group
  Source: XF Type: UNKNOWN wuftp-mailadmin-sockprintf-bo(13269)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable