Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2001-0247
Last Modified: 07 Mar 2011 09:05:02
Published: 18 Jun 2001 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2001-0247

Summary

Buffer overflows in BSD-based FTP servers allow remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.

Vulnerable Systems

Operating System

  • FreeBSD 2.2
  • FreeBSD 2.2.2
  • FreeBSD 2.2.3
  • FreeBSD 2.2.4
  • FreeBSD 2.2.5
  • FreeBSD 2.2.6
  • FreeBSD 2.2.8
  • FreeBSD 3.0
  • FreeBSD 3.1
  • FreeBSD 3.2
  • FreeBSD 3.3
  • FreeBSD 3.4
  • FreeBSD 3.5
  • FreeBSD 3.5.1
  • FreeBSD 4.0
  • FreeBSD 4.1
  • FreeBSD 4.1.1
  • FreeBSD 4.2
  • NetBSD 1.2.1
  • NetBSD 1.3
  • NetBSD 1.3.1
  • NetBSD 1.3.2
  • NetBSD 1.3.3
  • NetBSD 1.4
  • NetBSD 1.4.1
  • NetBSD 1.4.2
  • NetBSD 1.4.3
  • NetBSD 1.5
  • OpenBSD 2.3
  • OpenBSD 2.4
  • OpenBSD 2.5
  • OpenBSD 2.6
  • OpenBSD 2.7
  • OpenBSD 2.8
  • SGI IRIX 6.1
  • SGI IRIX 6.5.1
  • SGI IRIX 6.5.10
  • SGI IRIX 6.5.11
  • SGI IRIX 6.5.2m
  • SGI IRIX 6.5.3
  • SGI IRIX 6.5.3f
  • SGI IRIX 6.5.3m
  • SGI IRIX 6.5.4
  • SGI IRIX 6.5.5
  • SGI IRIX 6.5.6
  • SGI IRIX 6.5.7
  • SGI IRIX 6.5.8

Application

  • MIT Kerberos 5 1.1.1
  • MIT Kerberos 5-1.2
  • MIT Kerberos 5-1.2.1
  • MIT Kerberos 5-1.2.2

References

CERT - CA-2001-07

BID - 2548

FREEBSD - FreeBSD-SA-01:33

NETBSD - NetBSD-SA2000-018

XF - ftp-glob-expansion(6332)

NAI - 20010409 Globbing Vulnerabilities in Multiple FTP Daemons

SGI - 20010802-01-P


Last Updated: 27 May 2016 10:36:12