Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE ID: CVE-2000-0574
Last Modified: 10 Sep 2008 03:05:03
Published: 07 Jul 2000 12:00:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2000-0574

Summary

FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.

Vulnerable Systems

Application

  • OpenBSD ftpd 5.51

  • OpenBSD ftpd 5.60

  • Washington University Wu-ftpd 2.4.2 Beta1

  • Washington University Wu-ftpd 2.4.2 Beta18

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr10

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr11

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr12

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr13

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr14

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr15

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr4

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr5

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr6

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr7

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr8

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr9

  • Washington University Wu-ftpd 2.4.2 Vr16

  • Washington University Wu-ftpd 2.4.2 Vr17

  • Washington University Wu-ftpd 2.5

  • Washington University Wu-ftpd 2.6


References

CERT - CA-2000-13

BID - 1438

BID - 1425

BUGTRAQ - 20000710 opieftpd setproctitle() patches

BUGTRAQ - 20000706 ftpd and setproctitle()

BUGTRAQ - 20000705 proftp advisory

NETBSD - NetBSD-SA2000-009


Last Updated: 27 May 2016 10:35:46