CVE-2003-0466
CRITICAL severity · CVSS 9.8 · CWE-193
Summary
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
Impact & exploitability
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality impact: High
Integrity impact: High
Availability impact: High
Exploit probability (EPSS): 78%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html (Advisory)
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc
- http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01
- http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
- http://marc.info/?l=bugtraq&m=105967301604815&w=2
- http://marc.info/?l=bugtraq&m=106001410028809&w=2
- http://marc.info/?l=bugtraq&m=106001702232325&w=2
- http://marc.info/?l=bugtraq&m=106002488209129&w=2