Vulnerability Name: | CVE-2004-0185 (CCN-13518) | ||||||||
Assigned: | 2003-10-26 | ||||||||
Published: | 2003-10-26 | ||||||||
Updated: | 2017-10-10 | ||||||||
Summary: | Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name. | ||||||||
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: CONFIRM Type: Patch ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch Source: MITRE Type: CNA CVE-2004-0185 Source: CCN Type: RHSA-2004-096 wu-ftpd security update Source: MISC Type: UNKNOWN http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt Source: CCN Type: CIAC Information Bulletin 0-119 HP Tru64 UNIX WU-FTPD Security Vulnerabilities Source: DEBIAN Type: Patch, Vendor Advisory DSA-457 Source: DEBIAN Type: DSA-457 wu-ftpd -- several vulnerabilities Source: REDHAT Type: Patch, Vendor Advisory RHSA-2004:096 Source: CCN Type: SecuriTeam Mailing List, UNIX focus 26 Oct 2003 Wu-FTPd SKEY Stack Overflow Vulnerability Source: MISC Type: Exploit, Patch, Vendor Advisory http://www.securiteam.com/unixfocus/6X00Q1P8KC.html Source: BID Type: UNKNOWN 8893 Source: CCN Type: BID-8893 Wu-Ftpd S/Key Remote Buffer Overrun Vulnerability Source: CCN Type: TLSA-2004-8 Multiple vulnerabilities in wu-ftpd Source: XF Type: UNKNOWN wuftpd-skey-bo(13518) Source: XF Type: UNKNOWN wuftpd-skey-bo(13518) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |