CVE-2000-0574

critical

Description

FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.

References

http://www.securityfocus.com/bid/1438

http://www.securityfocus.com/bid/1425

http://www.cert.org/advisories/CA-2000-13.html

http://archives.neohapsis.com/archives/bugtraq/2000-07/0121.html

http://archives.neohapsis.com/archives/bugtraq/2000-07/0061.html

http://archives.neohapsis.com/archives/bugtraq/2000-07/0031.html

Details

Source: Mitre, NVD

Published: 2000-07-07

Updated: 2008-09-10

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical