Lucene search

[email protected]CVE-2004-0340

HistoryNov 23, 2004 - 5:00 a.m.

CVE-2004-0340

2004-11-2305:00:00

[email protected]

web.nvd.nist.gov

cve-2004-0340

buffer overflow

wftpd pro server

security vulnerability

arbitrary code execution

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands.

Affected configurations

NVD

Node

texas_imperial_softwarewftpdMatch3.0

texas_imperial_softwarewftpdMatch3.0pro

texas_imperial_softwarewftpdMatch3.0_0r3

texas_imperial_softwarewftpdMatch3.0_0r4

texas_imperial_softwarewftpdMatch3.0_0r4pro

texas_imperial_softwarewftpdMatch3.0_0r5

texas_imperial_softwarewftpdMatch3.0_0r5pro

texas_imperial_softwarewftpdMatch3.10_r1

texas_imperial_softwarewftpdMatch3.20

texas_imperial_softwarewftpdMatch3.21

texas_imperial_softwarewftpdMatchpro_3.10_r1

texas_imperial_softwarewftpdMatchpro_3.20

texas_imperial_softwarewftpdMatchpro_3.21

CPENameOperatorVersion
texas_imperial_software:wftpdtexas imperial software wftpdeq3.0
texas_imperial_software:wftpdtexas imperial software wftpdeq3.0_0r3
texas_imperial_software:wftpdtexas imperial software wftpdeq3.0_0r4
texas_imperial_software:wftpdtexas imperial software wftpdeq3.0_0r5
texas_imperial_software:wftpdtexas imperial software wftpdeq3.10_r1
texas_imperial_software:wftpdtexas imperial software wftpdeq3.20
texas_imperial_software:wftpdtexas imperial software wftpdeq3.21
texas_imperial_software:wftpdtexas imperial software wftpdeqpro_3.10_r1
texas_imperial_software:wftpdtexas imperial software wftpdeqpro_3.20
texas_imperial_software:wftpdtexas imperial software wftpdeqpro_3.21

CPE	Name	Operator	Version
texas_imperial_software:wftpd	texas imperial software wftpd	eq	3.0
texas_imperial_software:wftpd	texas imperial software wftpd	eq	3.0_0r3
texas_imperial_software:wftpd	texas imperial software wftpd	eq	3.0_0r4
texas_imperial_software:wftpd	texas imperial software wftpd	eq	3.0_0r5
texas_imperial_software:wftpd	texas imperial software wftpd	eq	3.10_r1
texas_imperial_software:wftpd	texas imperial software wftpd	eq	3.20
texas_imperial_software:wftpd	texas imperial software wftpd	eq	3.21
texas_imperial_software:wftpd	texas imperial software wftpd	eq	pro_3.10_r1
texas_imperial_software:wftpd	texas imperial software wftpd	eq	pro_3.20
texas_imperial_software:wftpd	texas imperial software wftpd	eq	pro_3.21

References

marc.info/?l=bugtraq&m=107801208004699&w=2

secunia.com/advisories/11001

www.securityfocus.com/bid/9767

exchange.xforce.ibmcloud.com/vulnerabilities/15340

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2004-0340

nvd1 cvelist1 nessus1