Description
Buffer overflows in BSD-based FTP servers allow remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
Products
- MIT Kerberos 5 1.1.1
- MIT Kerberos 5 1.2.1
- MIT Kerberos 5 1.2.2
- MIT Kerberos 5 1.2
- MIT Kerberos 5 1.2 Beta 1
- MIT Kerberos 5 1.2 Beta 2
- FreeBSD 2.2.2
- FreeBSD 2.2.3
- FreeBSD 2.2.4
- FreeBSD 2.2.5
- FreeBSD 2.2.6
- FreeBSD 2.2.8
- FreeBSD 2.2
- FreeBSD 3.0
- FreeBSD 3.1
- FreeBSD 3.2
- FreeBSD 3.3
- FreeBSD 3.3 Release Candidate
- FreeBSD 3.4
- FreeBSD 3.5.1
- FreeBSD 3.5
- FreeBSD 4.0
- FreeBSD 4.1.1
- FreeBSD 4.1
- FreeBSD 4.2
- NetBSD 1.2.1
- NetBSD 1.3.1
- NetBSD 1.3.2
- NetBSD 1.3.3
- NetBSD 1.3
- NetBSD 1.4.1
- NetBSD 1.4.2
- NetBSD 1.4.3
- NetBSD 1.4
- NetBSD 1.5
- OpenBSD 2.3
- OpenBSD 2.4
- OpenBSD 2.5
- OpenBSD 2.6
- OpenBSD 2.7
- OpenBSD 2.8
- SGI IRIX 6.1
- SGI IRIX 6.5.10
- SGI IRIX 6.5.11
- SGI IRIX 6.5.1
- SGI IRIX 6.5.2m
- SGI IRIX 6.5.3
- SGI IRIX 6.5.3f
- SGI IRIX 6.5.3m
- SGI IRIX 6.5.4
- SGI IRIX 6.5.5
- SGI IRIX 6.5.6
- SGI IRIX 6.5.7
- SGI IRIX 6.5.8
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2001-0247, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2001-0247 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References