CVE-2004-0794 - OpenCVE

Multiple signal handler race conditions in lukemftpd (aka tnftpd before 20040810) allow remote authenticated attackers to cause a denial of service or execute arbitrary code.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Luke Mewburn	Tnftpd Lukemftp

Configuration 1 [-]

OR	cpe:2.3:a:luke_mewburn:lukemftp:1.1:::::::*
	cpe:2.3:a:luke_mewburn:lukemftp:1.5:::::::*
	cpe:2.3:a:luke_mewburn:tnftpd:2003-12-17:::::::*

References

Link	Resource
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc	Patch Vendor Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025418.html
http://www.debian.org/security/2004/dsa-551
http://www.vuxml.org/freebsd/c4b025bb-f05d-11d8-9837-000c41e2cdad.html	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17020

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2004-08-19T04:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2004-08-17T00:00:00

Link: CVE-2004-0794

JSON object: View

NVD Information

Status : Modified

Published: 2004-10-20T04:00:00.000

Modified: 2017-07-11T01:30:28.777

Link: CVE-2004-0794

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-08-17T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple signal handler race conditions in lukemftpd (aka tnftpd before 20040810) allow remote authenticated attackers to cause a denial of service or execute arbitrary code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.vuxml.org/freebsd/c4b025bb-f05d-11d8-9837-000c41e2cdad.html"}, {"name": "tnftpd-gain-access(17020)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17020"}, {"name": "DSA-551", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2004/dsa-551"}, {"name": "20040817 Multiple remote vulnerabilities in lukemftpd aka. tnftpd", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025418.html"}, {"name": "NetBSD-SA2004-009", "tags": ["vendor-advisory", "x_refsource_NETBSD"], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0794", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple signal handler race conditions in lukemftpd (aka tnftpd before 20040810) allow remote authenticated attackers to cause a denial of service or execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.vuxml.org/freebsd/c4b025bb-f05d-11d8-9837-000c41e2cdad.html", "refsource": "CONFIRM", "url": "http://www.vuxml.org/freebsd/c4b025bb-f05d-11d8-9837-000c41e2cdad.html"}, {"name": "tnftpd-gain-access(17020)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17020"}, {"name": "DSA-551", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-551"}, {"name": "20040817 Multiple remote vulnerabilities in lukemftpd aka. tnftpd", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025418.html"}, {"name": "NetBSD-SA2004-009", "refsource": "NETBSD", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0794", "datePublished": "2004-08-19T04:00:00", "dateReserved": "2004-08-17T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:luke_mewburn:lukemftp:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "642D1A0A-408D-4030-B4FF-B0790AAAFF0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:luke_mewburn:lukemftp:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "066AA8A7-F0B0-48D6-BF76-86FBB71FDCC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:luke_mewburn:tnftpd:2003-12-17:*:*:*:*:*:*:*", "matchCriteriaId": "B3714378-9F90-4002-9504-E57FF75EFAE6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple signal handler race conditions in lukemftpd (aka tnftpd before 20040810) allow remote authenticated attackers to cause a denial of service or execute arbitrary code."}, {"lang": "es", "value": "M\u00fcltiples condiciones de carrera en lunkemftpd (tambi\u00e9n llamado tnftpd antes de 20040810) permite a atacantes remotos autentificados causar una denegaci\u00f3n de servicio o ejecutar c\u00f3digo de su elecci\u00f3n."}], "id": "CVE-2004-0794", "lastModified": "2017-07-11T01:30:28.777", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-10-20T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc"}, {"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025418.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-551"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vuxml.org/freebsd/c4b025bb-f05d-11d8-9837-000c41e2cdad.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17020"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}