Heap Overflow in Solaris FTP Daemon
CVE-2001-0249

9.8CRITICAL

Key Information:

Vendor

HP
Status
Sunos
Solaris
Vendor
CVE Published:
18 June 2001

What is CVE-2001-0249?

The Solaris FTP daemon in version 8 is susceptible to a heap overflow vulnerability that can be exploited by remote attackers. By crafting an excessively long pathname and utilizing the LIST command, attackers can leverage globbing features to generate lengthy strings. This exploit enables the execution of arbitrary commands on the affected system, posing a significant security threat to users of Solaris 8.

References

http://www.nai.com/research/covert/advisories/048.asp
vendor-advisoryx_refsource_NAI
http://www.cert.org/advisories/CA-2001-07.html
third-party-advisoryx_refsource_CERT
http://www.securityfocus.com/bid/2550
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.