CVE-2001-0550

Published: 30/11/2001 Updated: 03/05/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

wu-ftpd 2.6.1 allows remote malicious users to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).

Vulnerable Product

david madore ftpd-bsd 0.3.3

washington university wu-ftpd 2.5.0

washington university wu-ftpd 2.6.0

washington university wu-ftpd 2.6.1

david madore ftpd-bsd 0.3.2

Vendor Advisories

CORE ST reports that an exploit has been found for a bug in the wu-ftpd glob code (this is the code that handles filename wildcard expansion). Any logged in user (including anonymous FTP users) can exploit the bug to gain root privileges on the server. This has been corrected in version 2.6.0-6 of the wu-ftpd package ...

Exploits

source: www.securityfocus.com/bid/3581/info Wu-Ftpd is an FTP server based on the BSD 'ftpd' that is maintained by Washington University. Wu-Ftpd allows clients to organize files for FTP actions based on "file globbing" patterns. File globbing is also used by various shells. The implementation of file globbing included in Wu-Ftpd contains ...
/* 7350wurm - x86/linux wu_ftpd remote root exploit * * TESO CONFIDENTIAL - SOURCE MATERIALS * * This is unpublished proprietary source code of TESO Security * * The contents of these coded instructions, statements and computer * programs may not be disclosed to third parties, copied or duplicated in * any form, in whole or in part, withou ...

Github Repositories

Reports on post-exploitation on honeypot exploiting vulnerable wu-ftpd (CVE-2001-0550)

Network and Filesystem Forensics Reports on post-exploitation on honeypot exploiting vulnerable wu-ftpd (CVE-2001-0550)