Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0187

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2001-0187
Last Modified 13 Sep 2013 12:13:04
Published 26 Mar 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0187

Summary

Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.

Vulnerable Systems

Application

  • Washington University Wu-ftpd 2.4.1

  • Washington University Wu-ftpd 2.4.2 Beta18

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr10

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr11

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr12

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr13

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr14

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr15

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr4

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr5

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr6

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr7

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr8

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr9

  • Washington University Wu-ftpd 2.4.2 Beta9

  • Washington University Wu-ftpd 2.4.2 Vr16

  • Washington University Wu-ftpd 2.4.2 Vr17

  • Washington University Wu-ftpd 2.5

  • Washington University Wu-ftpd 2.6


References

BID - 2296

DEBIAN - DSA-016

XF - wuftp-debug-format-string

CONFIRM - ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_current/missing_format_strings.patch

CONECTIVA - CLA-2001:443


Last Updated: 27 May 2016 10:36:10