PT-2000-1508 · Netbsd+3 · Netbsd Ftpd+3

Published: 2000-07-07 · Updated: 2008-09-10 · CVE-2000-0574

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

ProFTPD versions 1.2 pre1 through 1.2 pre10
OpenBSD ftpd (affected versions not specified)
NetBSD ftpd (affected versions not specified)
Opieftpd (affected versions not specified)

Description

A remote attacker could cause a denial of service or execute arbitrary code on a vulnerable system. The issue arises because untrusted input is not properly sanitized before being used as a format string in the setproctitle function, which allows attackers to overwrite values on the stack and execute arbitrary code. Additionally, a memory leak occurs when the SIZE or USER FTP command is used, which can consume all available CPU resources on the server.

Recommendations

For ProFTPD versions 1.2 pre1 through 1.2 pre10, update to a version that fixes the memory leak and arbitrary code execution issues. For OpenBSD ftpd, NetBSD ftpd, and Opieftpd, there is currently no information about a newer version that contains a fix for this vulnerability.
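
The setproctitle call pattern the description refers to, next to its fix, as an added example (not code from any of the affected daemons). `set_title` is a hypothetical stand-in for setproctitle(3), `title_for_user` and `count_directives` are illustrative helpers, and the input string is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for setproctitle(3): printf-style formatting
 * into a fixed-size title buffer. */
static char proc_title[128];

static void set_title(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(proc_title, sizeof proc_title, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern (shown only as a comment, never called):
 *     set_title(user);
 * Client-supplied bytes become the format string, so any conversion
 * directive they contain is interpreted by the formatter. */

/* Hardened pattern: the format is a constant and the untrusted text is
 * only ever passed as an argument to it. */
static const char *title_for_user(const char *user)
{
    set_title("%s: connected", user);
    return proc_title;
}

/* Audit helper: count conversion directives in an untrusted string.
 * "%%" is a literal percent sign and is not counted. */
static int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

int main(void)
{
    const char *input = "anon%x%x%n"; /* constructed sample input */
    printf("directives in input: %d\n", count_directives(input));
    printf("title: %s\n", title_for_user(input));
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang warn about the commented-out pattern when a non-literal string is passed as the format argument with no further arguments.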

Related Identifiers

CVE-2000-0574

Affected Products

Netbsd Ftpd
Openbsd Ftpd
Opieftpd
Proftpd