High

CVE-2004-0159 - Unspecified vulnerability in Samhain Labs Hsftp

Publication: 2004-03-15
Summary

Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command.

Risk level (CVSS 7.5)

High

7.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Samhain Labs Hsftp 1.4
  • Samhain Labs Hsftp 1.5
  • Samhain Labs Hsftp 1.6
  • Samhain Labs Hsftp 1.7
  • Samhain Labs Hsftp 1.9
  • Samhain Labs Hsftp 1.10
  • Samhain Labs Hsftp 1.11