3 results (0.003 seconds)

CVSS: 10.0EPSS: 79%CPEs: 8EXPL: 7

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. Error de fuera-por-uno (off-by-one) en la función fb_realpath(), derivada de la función realpath de BSD, pude permitir a atacantes ejecutar código arbitrario, como se ha demostrado en wu-ftpd 2.5.0 a 2.6.2 mediante comandos que causan que nombres de rutas de tamaño MAXPATHLEN+1 disparen un desbordamiento de búfer, incluyendo: (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, y (8) RNTO. • https://www.exploit-db.com/exploits/22976 https://www.exploit-db.com/exploits/78 https://www.exploit-db.com/exploits/74 https://www.exploit-db.com/exploits/22974 https://www.exploit-db.com/exploits/22975 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01 http://isec.pl/vulnerabilities/isec-0011-wu • CWE-193: Off-by-one Error •

CVSS: 10.0EPSS: 2%CPEs: 10EXPL: 3

One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges. • https://www.exploit-db.com/exploits/234 https://www.exploit-db.com/exploits/20512 ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.asc http://archives.neohapsis.com/archives/bugtraq/2000-12/0275.html http://www.openbsd.org/advisories/ftpd_replydirname.txt http://www.securityfocus.com/bid/2124 https://exchange.xforce.ibmcloud.com/vulnerabilities/5776 •

CVSS: 5.0EPSS: 4%CPEs: 20EXPL: 1

FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands. • https://www.exploit-db.com/exploits/396 ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-009.txt.asc http://archives.neohapsis.com/archives/bugtraq/2000-07/0031.html http://archives.neohapsis.com/archives/bugtraq/2000-07/0061.html http://archives.neohapsis.com/archives/bugtraq/2000-07/0121.html http://www.cert.org/advisories/CA-2000-13.html http://www.securityfocus.com/bid/1425 http://www.securityfocus.com/bid/1438 •