Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0550

9 documents7 sources
Severity
7.5HIGH
EPSS
60.9%
top 1.70%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
David Madore Ftpd-bsdWashington University Wu-ftpd
Timeline
PublishedNov 30
Latest updateApr 30

Description

wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDdavid_madore/ftpd-bsd0.3.2, 0.3.3+1
NVDwashington_university/wu-ftpd2.5.0, 2.6.0, 2.6.1+2

Patches

Patch: www.caldera.comPatch: www.cert.orgPatch: www.kb.cert.org

🔴Vulnerability Details

3
GHSA
GHSA-fq5j-pgh2-4grh: wu-ftpd 22022-04-30
CVEList
CVE-2001-0550: wu-ftpd 22002-06-25
VulnCheck
wu-ftpd 2.6.1 Arbitrary Command Execution2001

💥Exploits & PoCs

2
Exploit-DB
WU-FTPD 2.6.1 - Remote Command Execution2002-05-14
Exploit-DB
WU-FTPD 2.6 - File Globbing Heap Corruption2001-11-27

📋Vendor Advisories

2
Red Hat
security flaw2001-04-30
Red Hat
CVE-2001-0935: Vulnerability in wu-ftpd 2

💬Community

1
Bugzilla
CVE-2001-0550 security flaw2018-08-16