Published: 07/07/2000 Updated: 07/11/2023

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

The lreply function in wu-ftpd 2.6.0 and previous versions does not properly cleanse an untrusted format string, which allows remote malicious users to execute arbitrary commands via the SITE EXEC command.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hp hp-ux 11.00

/* * BeroFTPD 134(1) Linux x86 remote root exploit * by qitest1 - 5/05/2001 * * BeroFTPD is an ftpd derived from wuftpd sources This code * exploits the format bug of the site exec cmd, well known to be * present in wuftpd-260 and derived daemons BeroFTPD 134(1) * is the current version at the moment * * JUST SAMP ...

source: wwwsecurityfocuscom/bid/1387/info Washington University ftp daemon (wu-ftpd) is a very popular unix ftp server shipped with many distributions of Linux and other UNIX operating systems Wu-ftpd is vulnerable to a very serious remote attack in the SITE EXEC implementation Because of user input going directly into a format string f ...

/* ** ** 12:40 11/10/00: Tool for either attack or defense ** within an information warfare setting Rather, it ** is a small program demonstrating proof of concept ** Default values for solaris 28 and inetd ** ** If you are not the intended recipient, or a person ** responsible for delivering it to the intended ** recipient, you are not ...

/* * (c) 2000 venglin / b0f * b0ffreebsdlublinpl * * WUFTPD 260 REMOTE ROOT EXPLOIT (22/06/2000, updated: 05/08/2000) * * Idea and preliminary version of exploit by tf8 * * Greetz: Lam3rZ, TESO, ADM, lcamtuf, karpio * Dedicated to ksm * * **PRIVATE**DO*NOT*DISTRIBUTE** */ #include <stdioh> #include <stdlibh> ...

## # $Id: wuftpd_site_exec_formatrb 11166 2010-11-30 00:16:53Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core ...

NVD-CWE-Other http://www.cert.org/advisories/CA-2000-13.html ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02 http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt http://www.redhat.com/support/errata/RHSA-2000-039.html http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-009.txt.asc http://www.securityfocus.com/bid/1387 http://marc.info/?l=bugtraq&m=96171893218000&w=2 http://marc.info/?l=bugtraq&m=96299933720862&w=2 http://marc.info/?l=bugtraq&m=96179429114160&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/4773 http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail%40fiver.freemessage.com https://nvd.nist.gov https://www.exploit-db.com/exploits/269/

Get Started

CVE-2000-0573

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect