Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0466

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2003-0466
Last Modified 25 May 2010 12:18:55
Published 27 Aug 2003 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0466

Summary

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.2.6

  • Apple Mac Os X Server 10.2.6

  • Freebsd 4.0

  • Freebsd 4.1

  • Freebsd 4.1.1

  • Freebsd 4.2

  • Freebsd 4.3

  • Freebsd 4.4

  • Freebsd 4.5

  • Freebsd 4.6

  • Freebsd 4.6.2

  • Freebsd 4.7

  • Freebsd 4.8

  • Freebsd 5.0

  • Netbsd 1.5

  • Netbsd 1.5.1

  • Netbsd 1.5.2

  • Netbsd 1.5.3

  • Netbsd 1.6

  • Netbsd 1.6.1

  • Openbsd 2.0

  • Openbsd 2.1

  • Openbsd 2.2

  • Openbsd 2.3

  • Openbsd 2.4

  • Openbsd 2.5

  • Openbsd 2.6

  • Openbsd 2.7

  • Openbsd 2.8

  • Openbsd 2.9

  • Openbsd 3.0

  • Openbsd 3.1

  • Openbsd 3.2

  • Openbsd 3.3

  • Sun Solaris 9.0

Application

  • Redhat Wu Ftpd 2.6.1-16

  • Redhat Wu Ftpd 2.6.1-18

  • Redhat Wu Ftpd 2.6.2-5

  • Redhat Wu Ftpd 2.6.2-8

  • Washington University Wu-ftpd 2.5.0

  • Washington University Wu-ftpd 2.6.0

  • Washington University Wu-ftpd 2.6.1

  • Washington University Wu-ftpd 2.6.2


References

CERT-VN - VU#743092

BID - 8315

XF - libc-realpath-offbyone-bo(12785)

TURBO - TLSA-2003-46

BUGTRAQ - 20060214 Re: Latest wu-ftpd exploit :-s

BUGTRAQ - 20060213 Latest wu-ftpd exploit :-s

REDHAT - RHSA-2003:246

REDHAT - RHSA-2003:245

OSVDB - 6602

SUSE - SuSE-SA:2003:032

DEBIAN - DSA-357

SUNALERT - 1001257

SECTRACK - 1007380

SECUNIA - 9535

SECUNIA - 9447

SECUNIA - 9446

SECUNIA - 9423

BUGTRAQ - 20030804 Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3)

BUGTRAQ - 20030804 wu-ftpd-2.6.2 off-by-one remote exploit.

FREEBSD - FreeBSD-SA-03:08

BUGTRAQ - 20030731 wu-ftpd fb_realpath() off-by-one bug

MISC - http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt

IMMUNIX - IMNX-2003-7+-019-01

NETBSD - NetBSD-SA2003-011.txt.asc

MANDRAKE - MDKSA-2003:080


Last Updated: 27 May 2016 10:37:56