Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0573

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2000-0573
Last Modified 10 Sep 2008 03:05:03
Published 07 Jul 2000 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0573

Summary

The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.

Vulnerable Systems

Operating System

  • Hp-ux 11.00


References

CERT - CA-2000-13

XF - wuftp-format-string-stack-overwrite(4773)

BUGTRAQ - 20000623 ftpd: the advisory version

BID - 1387

REDHAT - RHSA-2000:039

CALDERA - CSSA-2000-020.0

BUGTRAQ - 20000707 New Released Version of the WuFTPD Sploit

BUGTRAQ - 20000623 WUFTPD 2.6.0 remote root exploit

BUGTRAQ - 20000622 WuFTPD: Providing *remote* root since at least1994

BUGTRAQ - 20000702 [Security Announce] wu-ftpd update

BUGTRAQ - 20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)

NETBSD - NetBSD-SA2000-009

FREEBSD - FreeBSD-SA-00:29

AUSCERT - AA-2000.02


Last Updated: 27 May 2016 10:35:46