Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0573 — Use of Externally-Controlled Format String in HP Hp-ux

13 documents7 sources

Severity

10.0CRITICALNVD

EPSS

91.5%

top 0.33%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

HP Hp-ux

Timeline

PublishedJul 7

Latest updateMay 3

Description

The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDhp/hp-ux11.00

Patches

Patch: www.cert.org ↗Patch: www.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-7g9x-54rv-3848: The lreply function in wu-ftpd 2↗2022-05-03

▶

CVEList

CVE-2000-0573: The lreply function in wu-ftpd 2↗2001-05-07

▶

💥Exploits & PoCs

Exploit-DB

WU-FTPD - Site EXEC/INDEX Format String (Metasploit)↗2010-11-30

▶

Exploit-DB

BeroFTPD 1.3.4(1) (Linux x86) - Remote Code Execution↗2001-05-08

▶

Exploit-DB

WU-FTPD 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (3)↗2001-05-04

▶

Exploit-DB

WU-FTPD 2.6.0 - Remote Format Strings↗2001-01-03

▶

Exploit-DB

WU-FTPD 2.6.0 - Remote Command Execution↗2000-11-21

▶

📋Vendor Advisories

Red Hat

security flaw↗2000-06-23

▶

💬Community

Bugzilla

CVE-2000-0573 security flaw↗2018-08-16

▶