CVE-2001-0249
CRITICALSolaris 8 - Remote Code Execution via FTP LIST Command Heap Overflow
Title source: llmDescription
Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.
References (4)
Core 4
Core References
Broken Link vendor-advisory
x_refsource_nai
http://www.nai.com/research/covert/advisories/048.asp
Patch, Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.cert.org/advisories/CA-2001-07.html
Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/2550
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6332
Scores
CVSS v3
9.8
EPSS
0.1975
EPSS Percentile
97.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-131
Status
published
Products (3)
hp/hp-ux
11.00
oracle/solaris
8
sgi/irix
6.5 - 6.5.20
Published
Jun 18, 2001
Tracked Since
Feb 18, 2026