CVE-2000-0574
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.
Vulnerable Configurations
Exploit-Db
description | OpenBSD ftp Exploit (teso). CVE-2000-0574. Local exploit for bsd platform |
id | EDB-ID:396 |
last seen | 2016-01-31 |
modified | 2002-01-01 |
published | 2002-01-01 |
reporter | Teso |
source | https://www.exploit-db.com/download/396/ |
title | OpenBSD ftp Exploit teso |
Nessus
NASL family | FTP |
NASL id | FTP_SETPROCTITLE.NASL |
description | The remote FTP server misuses the function setproctitle() and may allow an attacker to gain a root shell on this host by logging in as |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11391 |
published | 2003-03-15 |
reporter | This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/11391 |
title | Multiple FTP Server setproctitle Function Arbitrary Command Execution |
References
- ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-009.txt.asc
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0031.html
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0061.html
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0121.html
- http://www.cert.org/advisories/CA-2000-13.html
- http://www.securityfocus.com/bid/1425
- http://www.securityfocus.com/bid/1438