PT-2000-1507 · Washington University · Wu-Ftpd
Published 2000-07-07 · Updated 2018-05-03 · CVE-2000-0573
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
wu-ftpd versions 2.6.0 and earlier
Description
The lreply function in wu-ftpd does not properly sanitize an untrusted format string. This allows remote attackers to execute arbitrary commands via the SITE EXEC command.
Recommendations
For wu-ftpd versions 2.6.0 and earlier, consider disabling the SITE EXEC command as a temporary workaround until a patch is available. Restrict access to the lreply function to minimize the risk of exploitation.
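The bug class named in the description, shown as an added example that is not wu-ftpd source code: a printf-style reply helper that receives client text as its format string, beside the hardened call that passes the text as data. The names reply_fmt, reply_unsafe, reply_safe and has_format_directive are hypothetical, and the input is constructed and uses only "%%", which consumes no arguments.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style reply helper (a stand-in, not wu-ftpd code):
 * writes "<code> <formatted message>" into out, returns length or -1. */
static int reply_fmt(char *out, size_t n, int code, const char *fmt, ...)
{
    int len = snprintf(out, n, "%d ", code);
    if (len < 0 || (size_t)len >= n)
        return -1;
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out + len, n - (size_t)len, fmt, ap);
    va_end(ap);
    return (r < 0 || (size_t)r >= n - (size_t)len) ? -1 : len + r;
}

/* Vulnerable pattern: client-controlled text becomes the format string,
 * so any conversion directive in it is interpreted by the formatter. */
int reply_unsafe(char *out, size_t n, const char *client_text)
{
    return reply_fmt(out, n, 200, client_text);
}

/* Hardened pattern: constant format, client text passed only as data. */
int reply_safe(char *out, size_t n, const char *client_text)
{
    return reply_fmt(out, n, 200, "%s", client_text);
}

/* Audit helper: flags text that a formatter would interpret, e.g. when
 * reviewing logged command arguments (log source is an assumption). */
int has_format_directive(const char *text)
{
    return strchr(text, '%') != NULL;
}

int main(void)
{
    const char *input = "100%% done";      /* constructed sample input */
    char a[64], b[64];
    reply_unsafe(a, sizeof a, input);       /* "%%" collapses to "%" */
    reply_safe(b, sizeof b, input);         /* text is echoed unchanged */
    printf("unsafe: %s\nsafe:   %s\nflagged: %d\n",
           a, b, has_format_directive(input));
    return 0;
}
```

The differing output for the same input is the observable sign that the client text was parsed as a format rather than copied as data.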
Affected Products
Wu-Ftpd