Vulnerability Details CVE-2000-0574
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.127
EPSS Ranking 93.6%
CVSS Severity
CVSS v2 Score 5.0
References
- ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-009.txt.asc
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0031.html
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0061.html
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0121.html
- http://www.cert.org/advisories/CA-2000-13.html
- http://www.securityfocus.com/bid/1425
- http://www.securityfocus.com/bid/1438
- ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-009.txt.asc
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0031.html
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0061.html
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0121.html
- http://www.cert.org/advisories/CA-2000-13.html
- http://www.securityfocus.com/bid/1425
- http://www.securityfocus.com/bid/1438
Products affected by CVE-2000-0574
-
cpe:2.3:a:openbsd:ftpd:5.51
-
cpe:2.3:a:openbsd:ftpd:5.60
-
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta1
-
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18
-
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10
-
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11
-
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12
-
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13
-
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14
-
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15
-
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4
-
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5
-
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6
-
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7
-
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8
-
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9
-
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16
-
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17
-
cpe:2.3:a:washington_university:wu-ftpd:2.5
-
cpe:2.3:a:washington_university:wu-ftpd:2.6