Mandrake Linux Security Advisory : wu-ftpd (MDKSA-2000:014)

Wu-ftpd is vulnerable to a very serious remote attack in the SITE EXEC implementation. Because of user input going directly into a format string for a printf function, it is possible to overwrite important data, such as a return address, on the stack. When this is accomplished, the function can...

CVE-2000-0574

Affected software: OpenBSD ftpd, NetBSD ftpd, ProFTPd, and Opieftpd. The issue is that untrusted format strings are not properly cleansed in setproctitle, allowing remote attackers to cause a denial of service or execute arbitrary commands. The connected Nessus document notes an attack scenario w...