exploits , vulnerabilities , articles , Wu-Ftpd Remote Format String Stack Overwrite Vulnerability

Title	Wu-Ftpd Remote Format String Stack Overwrite Vulnerability
Published	2000-06-22-12:00AM
Updated	2000-06-22-12:00AM
Class	Input Validation Error
CVE	CVE-2000-0573
Remote	Yes
Local	No
Credit	First posted to Bugtraq by tf8 <tf8@zolo.freelsd.net> on June 22, 2000.
Vulnerable	Washington University wuftpd 2.6 .0 Cobalt Qube 1.0 Conectiva Linux 4.0 Conectiva Linux 4.0 es Conectiva Linux 4.1 Conectiva Linux 4.2 Conectiva Linux 5.0 Conectiva Linux 5.1 Debian Linux 2.2 Debian Linux 2.2 68k Debian Linux 2.2 alpha Debian Linux 2.2 arm Debian Linux 2.2 powerpc Debian Linux 2.2 sparc FreeBSD FreeBSD 4.3 FreeBSD FreeBSD 4.3 RELEASE FreeBSD FreeBSD 4.3 STABLE FreeBSD FreeBSD 4.4 HP HPUX 11.0 HP HPUX 11.11 RedHat Linux 5.2 alpha RedHat Linux 5.2 i386 RedHat Linux 5.2 sparc RedHat Linux 6.0 RedHat Linux 6.0 alpha RedHat Linux 6.0 sparc RedHat Linux 6.1 alpha RedHat Linux 6.1 i386 RedHat Linux 6.1 sparc RedHat Linux 6.2 alpha RedHat Linux 6.2 i386 RedHat Linux 6.2 sparc S.u.S.E. Linux 6.1 S.u.S.E. Linux 6.1 alpha S.u.S.E. Linux 6.2 S.u.S.E. Linux 6.3 S.u.S.E. Linux 6.3 alpha S.u.S.E. Linux 6.3 ppc S.u.S.E. Linux 6.4 S.u.S.E. Linux 6.4 alpha S.u.S.E. Linux 6.4 ppc S.u.S.E. Linux 7.0 alpha S.u.S.E. Linux 7.0 i386 S.u.S.E. Linux 7.0 ppc S.u.S.E. Linux 7.0 sparc S.u.S.E. Linux 7.1 alpha S.u.S.E. Linux 7.1 ppc S.u.S.E. Linux 7.1 sparc S.u.S.E. Linux 7.1 x86 S.u.S.E. Linux 7.2 i386 S.u.S.E. Linux 7.3 i386 S.u.S.E. Linux 7.3 ppc S.u.S.E. Linux 7.3 sparc Turbolinux Turbolinux 4.0 Wirex Immunix OS 6.2 Washington University wuftpd 2.5 .0 Caldera OpenLinux 2.4 Caldera OpenLinux Desktop 2.3 RedHat Linux 6.0 RedHat Linux 6.0 alpha RedHat Linux 6.0 sparc SCO eDesktop 2.4 SCO eServer 2.3 SCO eServer 2.3.1 Washington University wuftpd 2.4.2 academ[BETA115] Caldera OpenLinux Standard 1.2 Washington University wuftpd 2.4.2 academ[BETA18] RedHat Linux 5.2 i386 Turbolinux Turbolinux 4.0 Turbolinux Turbolinux 3.5 b2 Slackware Linux 7.1 Slackware Linux 7.0 RedHat Linux 6.2 sparc RedHat Linux 6.2 i386 RedHat Linux 6.2 alpha RedHat Linux 6.1 sparc RedHat Linux 6.1 i386 RedHat Linux 6.1 alpha RedHat Linux 6.0 sparc RedHat Linux 6.0 alpha RedHat Linux 6.0 RedHat Linux 5.2 sparc RedHat Linux 5.2 i386 RedHat Linux 5.2 alpha RedHat Linux 5.1 Standard & Poors ComStock 4.2.4 RedHat Linux 5.0 HP HPUX (VVOS) 10.24 HP HPUX 11.0 4 HP HPUX 11.0 HP HPUX 10.26 HP HPUX 10.20 HP HPUX 10.16 HP HPUX 10.10 HP HPUX 10.0 1 Debian Linux 2.3 Debian Linux 2.2 Debian Linux 2.1 Conectiva Linux 5.0 Conectiva Linux 4.2 Conectiva Linux 4.1 Conectiva Linux 4.0 es Conectiva Linux 4.0 Conectiva Linux 3.0 Caldera OpenLinux 2.4 Caldera OpenLinux 2.3 Caldera OpenLinux 2.2
Not Vulnerable	SGI IRIX 6.5.8 SGI IRIX 6.4 SGI IRIX 6.3 SGI IRIX 6.2 SGI IRIX 6.1 SGI IRIX 6.0 SGI IRIX 5.3 SGI IRIX 5.2 SGI IRIX 5.1 SGI IRIX 5.0 SGI IRIX 4.0 SGI IRIX 3.3 SGI IRIX 3.2
Code	CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild. Several exploits are available: /data/vulnerabilities/exploits/wuftpd-2.6.0-exp2.c /data/vulnerabilities/exploits/wuftpd2600.c /data/vulnerabilities/exploits/wuftpd-god.c /data/vulnerabilities/exploits/wu-lnx.c /data/vulnerabilities/exploits/autowux.tar.gz /data/vulnerabilities/exploits/wu-ftpd-solsparc.c
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-17 Mozilla Firefox CVE-2009-3979 Multiple Remote Memory Corruption Vulnerabilities
• 2009-12-17 Mozilla Firefox CVE-2009-3981 Remote Memory Corruption Vulnerability
• 2009-12-17 Drupal Sections Module HTML Injection Vulnerability
• 2009-12-17 Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
• 2009-12-17 Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
• 2009-12-17 Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
• 2009-12-17 Mozilla Firefox/SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability
• 2009-12-16 ZABBIX Denial Of Service and SQL Injection Vulnerabilities
• 2009-12-16 IBM WebSphere Application Server JNDI Remote Information Disclosure Vulnerability
• 2009-12-16 Horde Application Framework Administration Interface Cross-Site Scripting Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Thu, 17 Dec 2009 15:51:52 +0000