CVE-2000-0573 - OpenCVE

The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Hp	Hp-ux

Configuration 1 [-]

cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*

References

Link	Resource
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1
ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-009.txt.asc
http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html
http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html
http://marc.info/?l=bugtraq&m=96171893218000&w=2
http://marc.info/?l=bugtraq&m=96179429114160&w=2
http://marc.info/?l=bugtraq&m=96299933720862&w=2
http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt
http://www.cert.org/advisories/CA-2000-13.html	Patch Third Party Advisory US Government Resource
http://www.redhat.com/support/errata/RHSA-2000-039.html
http://www.securityfocus.com/bid/1387
http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail%40fiver.freemessage.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/4773

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2001-05-07T04:00:00

Updated: 2004-09-02T09:00:00

Reserved: 2000-07-19T00:00:00

Link: CVE-2000-0573

JSON object: View

NVD Information

Status : Modified

Published: 2000-07-07T04:00:00.000

Modified: 2023-11-07T01:55:20.660

Link: CVE-2000-0573

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2000-06-23T00:00:00", "descriptions": [{"lang": "en", "value": "The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2004-09-02T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "CA-2000-13", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.cert.org/advisories/CA-2000-13.html"}, {"name": "20000707 New Released Version of the WuFTPD Sploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=96299933720862&w=2"}, {"name": "RHSA-2000:039", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2000-039.html"}, {"name": "CSSA-2000-020.0", "tags": ["vendor-advisory", "x_refsource_CALDERA"], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt"}, {"name": "20000622 WuFTPD: Providing *remote* root since at least1994", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=96171893218000&w=2"}, {"name": "20000702 [Security Announce] wu-ftpd update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html"}, {"name": "20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html"}, {"name": "1387", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/1387"}, {"name": "FreeBSD-SA-00:29", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1"}, {"name": "AA-2000.02", "tags": ["third-party-advisory", "x_refsource_AUSCERT"], "url": "ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02"}, {"name": "20000623 WUFTPD 2.6.0 remote root exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=96179429114160&w=2"}, {"name": "NetBSD-SA2000-009", "tags": ["vendor-advisory", "x_refsource_NETBSD"], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-009.txt.asc"}, {"name": "20000623 ftpd: the advisory version", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail%40fiver.freemessage.com"}, {"name": "wuftp-format-string-stack-overwrite(4773)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4773"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0573", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "CA-2000-13", "refsource": "CERT", "url": "http://www.cert.org/advisories/CA-2000-13.html"}, {"name": "20000707 New Released Version of the WuFTPD Sploit", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=96299933720862&w=2"}, {"name": "RHSA-2000:039", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2000-039.html"}, {"name": "CSSA-2000-020.0", "refsource": "CALDERA", "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt"}, {"name": "20000622 WuFTPD: Providing *remote* root since at least1994", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=96171893218000&w=2"}, {"name": "20000702 [Security Announce] wu-ftpd update", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html"}, {"name": "20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html"}, {"name": "1387", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1387"}, {"name": "FreeBSD-SA-00:29", "refsource": "FREEBSD", "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1"}, {"name": "AA-2000.02", "refsource": "AUSCERT", "url": "ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02"}, {"name": "20000623 WUFTPD 2.6.0 remote root exploit", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=96179429114160&w=2"}, {"name": "NetBSD-SA2000-009", "refsource": "NETBSD", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-009.txt.asc"}, {"name": "20000623 ftpd: the advisory version", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail@fiver.freemessage.com"}, {"name": "wuftp-format-string-stack-overwrite(4773)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4773"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0573", "datePublished": "2001-05-07T04:00:00", "dateReserved": "2000-07-19T00:00:00", "dateUpdated": "2004-09-02T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command."}], "id": "CVE-2000-0573", "lastModified": "2023-11-07T01:55:20.660", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2000-07-07T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1"}, {"source": "cve@mitre.org", "url": "ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02"}, {"source": "cve@mitre.org", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-009.txt.asc"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=96171893218000&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=96179429114160&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=96299933720862&w=2"}, {"source": "cve@mitre.org", "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "http://www.cert.org/advisories/CA-2000-13.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2000-039.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/1387"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail%40fiver.freemessage.com"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4773"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}