5

CVE-2005-0256

Exploit
The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Washington UniversityWu-ftpd Version2.6.1
Washington UniversityWu-ftpd Version2.6.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.21% 0.914
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.debian.org/security/2005/dsa-705
Patch
Vendor Advisory
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63/SCOSA-2005.63.txt
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342
http://secunia.com/advisories/14411
Vendor Advisory
http://secunia.com/advisories/18210
Vendor Advisory
http://secunia.com/advisories/19561
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101699-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57795-1
http://www.idefense.com/application/poi/display?id=207&type=vulnerabilities
Exploit
http://www.osvdb.org/14203
http://www.vupen.com/english/advisories/2005/0588
Vendor Advisory
http://www.vupen.com/english/advisories/2006/1271
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1265
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1333
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1762