Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0159

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0159
Last Modified 10 Sep 2008 03:25:19
Published 15 Mar 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0159

Summary

Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command.

Vulnerable Systems

Application

  • Samhain Labs Hsftp 1.10

  • Samhain Labs Hsftp 1.11

  • Samhain Labs Hsftp 1.4

  • Samhain Labs Hsftp 1.5

  • Samhain Labs Hsftp 1.6

  • Samhain Labs Hsftp 1.7

  • Samhain Labs Hsftp 1.9


References

BID - 9715

DEBIAN - DSA-447

XF - hsftp-format-string(15276)

OSVDB - 4029

FULLDISC - 20040223 Re: [SECURITY] [DSA 447-1] New hsftp packages fix format string vulnerability


Last Updated: 27 May 2016 10:38:30