CVE-2000-0574

Openbsd Ftpd - Denial of Service

Title source: rule

Description

FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Teso · clocalbsd

https://www.exploit-db.com/exploits/396

View Code ZIP pw:eip

References (7)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/1425

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-07/0121.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/1438

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-07/0061.html

[Vendor Advisory] ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-009.txt.asc

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-07/0031.html

[Patch, Third Party Advisory, US Government Resource] http://www.cert.org/advisories/CA-2000-13.html

Scores

EPSS 0.1274

EPSS Percentile 94.0%

Details

Status published

Products (20)

openbsd/ftpd 5.51

openbsd/ftpd 5.60

washington_university/wu-ftpd 2.4.2_beta1

washington_university/wu-ftpd 2.4.2_beta18

washington_university/wu-ftpd 2.4.2_beta18_vr4

washington_university/wu-ftpd 2.4.2_beta18_vr5

washington_university/wu-ftpd 2.4.2_beta18_vr6

washington_university/wu-ftpd 2.4.2_beta18_vr7

washington_university/wu-ftpd 2.4.2_beta18_vr8

washington_university/wu-ftpd 2.4.2_beta18_vr9

... and 10 more

Published Jul 07, 2000

Tracked Since Feb 18, 2026