CVE-2001-0249

CRITICAL

Solaris 8 - Buffer Overflow

Title source: llm

Description

Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.

References (4)

[Broken Link] http://www.nai.com/research/covert/advisories/048.asp

[Patch, Third Party Advisory, US Government Resource] http://www.cert.org/advisories/CA-2001-07.html

[Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/2550

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/6332

Scores

CVSS v3 9.8

EPSS 0.0470

EPSS Percentile 89.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-131

Status published

Products (3)

hp/hp-ux 11.00

oracle/solaris 8

sgi/irix 6.5 - 6.5.20

Published Jun 18, 2001

Tracked Since Feb 18, 2026