CVE-2003-0466 – FreeBSD 4.8 - 'realpath()' Off-by-One Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-0466
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. Error de fuera-por-uno (off-by-one) en la función fb_realpath(), derivada de la función realpath de BSD, pude permitir a atacantes ejecutar código arbitrario, como se ha demostrado en wu-ftpd 2.5.0 a 2.6.2 mediante comandos que causan que nombres de rutas de tamaño MAXPATHLEN+1 disparen un desbordamiento de búfer, incluyendo: (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, y (8) RNTO. • https://www.exploit-db.com/exploits/22976 https://www.exploit-db.com/exploits/78 https://www.exploit-db.com/exploits/74 https://www.exploit-db.com/exploits/22974 https://www.exploit-db.com/exploits/22975 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01 http://isec.pl/vulnerabilities/isec-0011-wu • CWE-193: Off-by-one Error •
CVE-2001-0550 – WU-FTPD 2.6.1 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2001-0550
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob). • https://www.exploit-db.com/exploits/348 https://www.exploit-db.com/exploits/21161 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000442 http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01 http://marc.info/?l=bugtraq&m=100700363414799&w=2 http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt http://www.cert.org/advisories/CA-2001-33.html http://www.debian.org/security/2001/dsa-087 http://www.kb.cert.org/vuls/ •
CVE-2001-0935
https://notcve.org/view.php?id=CVE-2001-0935
Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550. • http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html •