Copyright (C) 2001-2014 E*Maze
The remote ftp server is affected by a remote code execution
The FTPD glob vulnerability manifests itself in handling the glob
command. The problem is not a typical buffer overflow or format string
vulnerability, but a combination of two bugs - an implementation of
the glob command that does not properly return an error condition when
interpreting the string 'bracket', and then frees memory which may
contain user-supplied data.
An attacker who is able to log in to a vulnerable server, including
users with anonymous access, can exploit this to execute arbitrary
code with the privileges of the FTP service.
See also :
Contact your vendor for a fix.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true
Nessus Plugin ID: 10821 (ftpglob.nasl)
Bugtraq ID: 25503581
CVE ID: CVE-2001-0249CVE-2001-0550
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.