// For flags

CVE-2000-0573

WU-FTPD - Site EXEC/INDEX Format String

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

7
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 1999-10-15 First Exploit
  • 2000-07-07 CVE Published
  • 2000-07-19 CVE Reserved
  • 2024-02-08 EPSS Updated
  • 2024-08-08 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (22)
URL Tag Source
ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02 Third Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html Mailing List
http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html Mailing List
http://marc.info/?l=bugtraq&m=96171893218000&w=2 Mailing List
http://marc.info/?l=bugtraq&m=96179429114160&w=2 Mailing List
http://marc.info/?l=bugtraq&m=96299933720862&w=2 Mailing List
http://www.securityfocus.com/bid/1387 Vdb Entry
http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail%40fiver.freemessage.com Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/4773 Vdb Entry
-
URL Date SRC
https://www.exploit-db.com/exploits/16311 2010-11-30
https://www.exploit-db.com/exploits/20031 2000-09-26
https://www.exploit-db.com/exploits/269 2001-05-08
https://www.exploit-db.com/exploits/20032 2001-05-04
https://www.exploit-db.com/exploits/201 2000-11-21
https://www.exploit-db.com/exploits/239 2001-01-03
https://www.exploit-db.com/exploits/20030 1999-10-15
URL Date SRC
http://www.cert.org/advisories/CA-2000-13.html 2023-11-07
URL Date SRC
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1 2023-11-07
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-009.txt.asc 2023-11-07
http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt 2023-11-07
http://www.redhat.com/support/errata/RHSA-2000-039.html 2023-11-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Hp
Search vendor "Hp"
 Hp-ux
Search vendor "Hp" for product "Hp-ux"
 11.00
Search vendor "Hp" for product "Hp-ux" and version "11.00"
-
Affected