VYPR

Wu Ftpd

by University of Washington

CVEs (23)

  • CVE-2001-0550 | Nov 30, 2001
    risk 0.09 | cvss | epss 0.75

    wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).

  • CVE-2000-0574 | Jul 7, 2000
    risk 0.08 | cvss | epss 0.59

    FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary…

  • CVE-1999-0368 | Feb 9, 1999
    risk 0.06 | cvss | epss 0.39

    Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

  • CVE-2003-0853 | Nov 17, 2003
    risk 0.04 | cvss | epss 0.10

    An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.

  • CVE-2005-0256 | May 2, 2005
    risk 0.03 | cvss | epss 0.05

    The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.

  • CVE-2003-0854 | Nov 17, 2003
    risk 0.03 | cvss | epss 0.01

    ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.

  • CVE-2001-0187 | Mar 26, 2001
    risk 0.03 | cvss | epss 0.06

    Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.

  • CVE-1999-0997 | Dec 20, 1999
    risk 0.03 | cvss | epss 0.06

    wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.

  • CVE-2004-0185 | Mar 15, 2004
    risk 0.01 | cvss | epss 0.07

    Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.

  • CVE-2004-0148 | Apr 15, 2004
    risk 0.00 | cvss | epss 0.00

    wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.

  • CVE-2003-1329 | Dec 31, 2003
    risk 0.00 | cvss | epss 0.01

    ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of service.

  • CVE-2003-1327 | Dec 31, 2003
    risk 0.00 | cvss | epss 0.03

    Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which…

  • CVE-2001-0935 | Nov 28, 2001
    risk 0.00 | cvss | epss 0.01

    Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550.

  • CVE-1999-0878 | Aug 22, 1999
    risk 0.00 | cvss | epss 0.02

    Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.

  • CVE-1999-0017 | Dec 10, 1997
    risk 0.00 | cvss | epss 0.02

    FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

  • CVE-1999-0955 | Sep 23, 1997
    risk 0.00 | cvss | epss 0.03

    Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command.

  • CVE-1999-1326 | Jul 4, 1997
    risk 0.00 | cvss | epss 0.02

    wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files.

  • CVE-1999-0076 | Jul 1, 1997
    risk 0.00 | cvss | epss 0.02

    Buffer overflow in wu-ftp from PASV command causes a core dump.

  • CVE-1999-0156 | Jul 1, 1997
    risk 0.00 | cvss | epss 0.00

    wu-ftpd FTP daemon allows any user and password combination.

  • CVE-1999-0081 | Jan 11, 1997
    risk 0.00 | cvss | epss 0.02

    wu-ftp allows files to be overwritten via the rnfr command.

Page 1 of 2