Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0574

4 documents4 sources

Severity

5.0MEDIUM

EPSS

12.7%

top 6.00%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Openbsd Ftpd Washington University Wu-ftpd

Timeline

PublishedJul 7

Latest updateMay 3

Description

FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDopenbsd/ftpd5.51, 5.60+1

▶NVDwashington_university/wu-ftpd18 versions+17

Patches

Patch: www.cert.org ↗Patch: www.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-8prx-m86f-2h6h: FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle↗2022-05-03

▶

CVEList

CVE-2000-0574: FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle↗2000-07-19

▶

💥Exploits & PoCs

Exploit-DB

OpenBSD - 'ftp' Local Overflow↗2002-01-01

▶