CVE-2003-1327

Current Description

Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator.

Evaluator Description

Successful exploitation requires that the option "MAIL_ADMIN" has been enabled (not default), that anonymous users have write permissions on a folder, and that the program has been compiled on a system where very long paths are permitted.

Basic Data

Published: December 31, 2003
Last Modified: July 29, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.3
Severity: HIGH
Exploitability Score: 8.6
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe Version: 2.3 | Part: OS | Vendor: Linux | Product: Linux Kernel
      Version: * | Update: * | Edition: * | Language: * | SW Edition: * | Target SW: * | Target HW: * | Other: *
    • OR Running on/with:
      Cpe Version: 2.3 | Part: Application | Vendor: Washington University | Product: Wu-ftpd
      Version: * | Update: * | Edition: * | Language: * | SW Edition: * | Target SW: * | Target HW: * | Other: *
      Version End Including: 2.6.2

Vulnerable Software List

Vendor | Product | Versions
Washington University | Wu-ftpd | *

References

Name | URL | Source | Tags
20030922 Wu_ftpd all versions (not) vulnerability. | http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html | BUGTRAQ
9835 | http://secunia.com/advisories/9835 | SECUNIA | Vendor Advisory
1007775 | http://securitytracker.com/id?1007775 | SECTRACK
2594 | http://www.osvdb.org/2594 | OSVDB
8668 | http://www.securityfocus.com/bid/8668 | BID
SSA:2003-259-03 | http://www.slackware.org/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.365971 | SLACKWARE
wuftp-mailadmin-sockprintf-bo(13269) | https://exchange.xforce.ibmcloud.com/vulnerabilities/13269 | XF