CVE-2001-1413

Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://seclists.org/lists/vuln-dev/2001/Nov/0202.html
http://security.gentoo.org/glsa/glsa-200410-08.xml	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/176363	Third Party Advisory US Government Resource
http://www.redhat.com/support/errata/RHSA-2004-536.html	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/10619

Configurations

Configuration 1 (hide)

cpe:2.3:a:ncompress:ncompress:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2004-12-23 05:00

Updated : 2024-02-04 16:31

NVD link : CVE-2001-1413

Mitre link : CVE-2001-1413

CVE.ORG link : CVE-2001-1413

JSON object : View

Products Affected

ncompress

ncompress

CWE

NVD-CWE-Other

{"id": "CVE-2001-1413", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-12-23T05:00:00.000", "references": [{"url": "http://seclists.org/lists/vuln-dev/2001/Nov/0202.html", "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200410-08.xml", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/176363", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2004-536.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10619", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en la pila en la funci\u00f3n comprexx de ncompress 4.2.4 y anteriores, cuando se utiliza en situaciones que cruzan l\u00edmites de seguridad (como servidores FTP), puede permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un argumento de nombre de fichero largo."}], "lastModified": "2017-07-11T01:29:05.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ncompress:ncompress:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "008D3D9D-E146-4A74-8A92-815A51095085", "versionEndIncluding": "4.2.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}