CVE-2004-0185
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.
Desbordamiento de búfer en la función skey_challenge en ftpd.c de wu-ftp daemon (wu-ftpd) 2.6.2 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante una petición s/key (SKEY) con un nombre muy grande.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2004-03-02 CVE Reserved
- 2004-03-15 CVE Published
- 2024-08-08 CVE Updated
- 2024-08-08 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt | Url Repurposed | |
| http://www.securityfocus.com/bid/8893 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/13518 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://www.securiteam.com/unixfocus/6X00Q1P8KC.html | 2024-08-08 |
| URL | Date | SRC |
|---|---|---|
| ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch | 2024-02-14 | |
| http://www.debian.org/security/2004/dsa-457 | 2024-02-14 | |
| http://www.redhat.com/support/errata/RHSA-2004-096.html | 2024-02-14 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2004-0185 | 2004-03-08 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1617176 | 2004-03-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Washington University Search vendor "Washington University" | Wu-ftpd Search vendor "Washington University" for product "Wu-ftpd" | 2.6.2 Search vendor "Washington University" for product "Wu-ftpd" and version "2.6.2" | - |
Affected
| ||||||