CVE-2003-0466 — CRITICAL (9.8)

Q: How severe is CVE-2003-0466?

CVE-2003-0466 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2003-0466?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Wu Ftpd, Wuftpd Wu-Ftpd, Apple Mac Os X, Apple Mac Os X Server, Freebsd Freebsd.

Vulnerability Description

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Redhat	Wu Ftpd	2.6.1-16
Wuftpd	Wu-Ftpd	>= 2.5.0, <= 2.6.2
Apple	Mac Os X	10.2.6
Apple	Mac Os X Server	10.2.6
Freebsd	Freebsd	>= 4.0, <= 5.0
Netbsd	Netbsd	>= 1.5, <= 1.6.1
Openbsd	Openbsd	>= 2.0, <= 3.3
Sun	Solaris	9.0

Related Weaknesses (CWE)

CWE-193

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.ascBroken Link
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.htmlBroken LinkExploitVendor Advisory
http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01Broken Link
http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txtBroken Link
http://marc.info/?l=bugtraq&m=105967301604815&w=2Mailing List
http://marc.info/?l=bugtraq&m=106001410028809&w=2Mailing List
http://marc.info/?l=bugtraq&m=106001702232325&w=2Mailing List
http://marc.info/?l=bugtraq&m=106002488209129&w=2Mailing List
http://secunia.com/advisories/9423Broken Link
http://secunia.com/advisories/9446Broken Link
http://secunia.com/advisories/9447Broken Link
http://secunia.com/advisories/9535Broken Link
http://securitytracker.com/id?1007380Broken LinkThird Party AdvisoryVDB Entry
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1Broken Link
http://www.debian.org/security/2003/dsa-357Broken Link

FAQ

What is CVE-2003-0466?

CVE-2003-0466 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands...

How severe is CVE-2003-0466?

CVE-2003-0466 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2003-0466?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Wu Ftpd, Wuftpd Wu-Ftpd, Apple Mac Os X, Apple Mac Os X Server, Freebsd Freebsd.