CVE-2005-3524
Published 2005-11-07
Priority: P3 · 54 · critical · 10 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 21.48% (97.3th percentile)
Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux-ftpd-ssl | < linux-ftpd-ssl 0.17.18+0.3-5 (bookworm) | linux-ftpd-ssl 0.17.18+0.3-5 (bookworm) |
| linux-ftpd-ssl | linux-ftpd-ssl | — | — |
| linux-ftpd-ssl | linux-ftpd-ssl | >= 0 < 0.17.18+0.3-5 | 0.17.18+0.3-5 |
| linux-ftpd-ssl | linux-ftpd-ssl | >= 0 < 0.17.18+0.3-5 | 0.17.18+0.3-5 |
| linux-ftpd-ssl | linux-ftpd-ssl | >= 0 < 0.17.18+0.3-5 | 0.17.18+0.3-5 |
CVSS provenance
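| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 10.0 | CRITICAL | — |
| vendor_debian | — | 10.0 | HIGH | — |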
GHSA
GHSA-23wf-343v-3cqg [HIGH] · CVE-2005-3524 · ghsa_unreviewed · 2022-05-01
OSV
CVE-2005-3524 [CRITICAL] · osv · 2005-11-07 · CVSS 10.0
Debian
CVE-2005-3524 [CRITICAL] · linux-ftpd-ssl · vendor_debian · 2005 · CVSS 10.0
Scope: local
bookworm: resolved (fixed in 0.17.18+0.3-5)
bullseye: resolved (fixed in 0.17.18+0.3-5)
forky: resolved (fixed in 0.17.18+0.3-5)
sid: resolved (fixed in 0.17.18+0.3-5)
No detection rules found.
No writeups or analysis indexed.
http://seclists.org/lists/fulldisclosure/2005/Nov/0140.html
http://secunia.com/advisories/17465
http://secunia.com/advisories/17529
http://secunia.com/advisories/17586
http://www.debian.org/security/2005/dsa-896
http://www.osvdb.org/20530
http://www.securityfocus.com/bid/15343
http://www.vupen.com/english/advisories/2005/2330
https://exchange.xforce.ibmcloud.com/vulnerabilities/23016
Published: 2005-11-07