CVE-2004-0342

WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=107801142924976&w=2	Mailing List
http://secunia.com/advisories/11001	Broken Link
http://www.osvdb.org/4116	Broken Link
http://www.securityfocus.com/bid/9767	Broken Link Exploit Patch Third Party Advisory VDB Entry Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15342	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:wftpd_pro_server_project:wftpd_pro_server:3.21:r1:*:*:*:*:*:*

History

16 Feb 2024, 20:44

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=107801142924976&w=2 -~~	() http://marc.info/?l=bugtraq&m=107801142924976&w=2 - Mailing List
References	~~() http://secunia.com/advisories/11001 -~~	() http://secunia.com/advisories/11001 - Broken Link
References	~~() http://www.osvdb.org/4116 -~~	() http://www.osvdb.org/4116 - Broken Link
References	~~() http://www.securityfocus.com/bid/9767 - Exploit, Patch, Vendor Advisory~~	() http://www.securityfocus.com/bid/9767 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/15342 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/15342 - Third Party Advisory, VDB Entry
First Time		Wftpd Pro Server Project wftpd Pro Server Wftpd Pro Server Project
CPE	cpe:2.3:a:texas_imperial_software:wftpd:pro_3.21:::::::* cpe:2.3:a:texas_imperial_software:wftpd:pro_3.20:::::::* cpe:2.3:a:texas_imperial_software:wftpd:3.0_0r3:::::::* cpe:2.3:a:texas_imperial_software:wftpd:3.21:::::::* cpe:2.3:a:texas_imperial_software:wftpd:3.0_0r5:::::::* cpe:2.3:a:texas_imperial_software:wftpd:3.20:::::::* cpe:2.3:a:texas_imperial_software:wftpd:3.0_0r4:::::::* cpe:2.3:a:texas_imperial_software:wftpd:pro_3.10_r1:::::::* cpe:2.3:a:texas_imperial_software:wftpd:3.10_r1:::::::* cpe:2.3:a:texas_imperial_software:wftpd:3.0:::::::* cpe:2.3:a:texas_imperial_software:wftpd:3.0_0r4::pro::::: cpe:2.3:a:texas_imperial_software:wftpd:3.0_0r5::pro::::: cpe:2.3:a:texas_imperial_software:wftpd:3.0::pro:::::	cpe:2.3:a:wftpd_pro_server_project:wftpd_pro_server:3.21:r1::::::
CVSS	v2 : ~~2.1~~ v3 : ~~unknown~~	v2 : 2.1 v3 : 5.5
CWE	~~NVD-CWE-Other~~	CWE-193

Information

Published : 2004-11-23 05:00

Updated : 2024-02-16 20:44

NVD link : CVE-2004-0342

Mitre link : CVE-2004-0342

CVE.ORG link : CVE-2004-0342

JSON object : View

Products Affected

wftpd_pro_server_project

wftpd_pro_server

CWE

CWE-193

Off-by-one Error

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2004-0342

5.5^/10

2.1^/10

Attach tags to `CVE-2004-0342`