FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.
References
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:32
Type | Values Removed | Values Added |
---|---|---|
References | () ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-009.txt.asc - | |
References | () http://archives.neohapsis.com/archives/bugtraq/2000-07/0031.html - | |
References | () http://archives.neohapsis.com/archives/bugtraq/2000-07/0061.html - | |
References | () http://archives.neohapsis.com/archives/bugtraq/2000-07/0121.html - | |
References | () http://www.cert.org/advisories/CA-2000-13.html - Patch, Third Party Advisory, US Government Resource | |
References | () http://www.securityfocus.com/bid/1425 - | |
References | () http://www.securityfocus.com/bid/1438 - |
Information
Published : 2000-07-07 04:00
Updated : 2024-11-20 23:32
NVD link : CVE-2000-0574
Mitre link : CVE-2000-0574
CVE.ORG link : CVE-2000-0574
JSON object : View
Products Affected
openbsd
- ftpd
washington_university
- wu-ftpd
CWE