3 results (0.002 seconds)

CVSS: 10.0EPSS: 79%CPEs: 8EXPL: 7

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. Error de fuera-por-uno (off-by-one) en la función fb_realpath(), derivada de la función realpath de BSD, pude permitir a atacantes ejecutar código arbitrario, como se ha demostrado en wu-ftpd 2.5.0 a 2.6.2 mediante comandos que causan que nombres de rutas de tamaño MAXPATHLEN+1 disparen un desbordamiento de búfer, incluyendo: (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, y (8) RNTO. • https://www.exploit-db.com/exploits/22976 https://www.exploit-db.com/exploits/78 https://www.exploit-db.com/exploits/74 https://www.exploit-db.com/exploits/22974 https://www.exploit-db.com/exploits/22975 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01 http://isec.pl/vulnerabilities/isec-0011-wu • CWE-193: Off-by-one Error •

CVSS: 7.5EPSS: 12%CPEs: 7EXPL: 1

wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress. • https://www.exploit-db.com/exploits/20563 http://www.debian.org/security/2003/dsa-377 •

CVSS: 10.0EPSS: 8%CPEs: 17EXPL: 2

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. • https://www.exploit-db.com/exploits/19086 https://www.exploit-db.com/exploits/19087 https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0368 •