CVE-2000-0573 | Vulnerability Database | Aqua Security

The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.

Affected Software

Name	Vendor	Start Version	End Version
Hp-ux	Hp	11.00	11.00

References

ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-009.txt.asc
http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html
http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html
http://marc.info/?l=bugtraq\u0026m=96171893218000\u0026w=2
http://marc.info/?l=bugtraq\u0026m=96179429114160\u0026w=2
http://marc.info/?l=bugtraq\u0026m=96299933720862\u0026w=2
http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt
http://www.cert.org/advisories/CA-2000-13.html
http://www.redhat.com/support/errata/RHSA-2000-039.html
http://www.securityfocus.com/bid/1387
http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000623091822.3321.qmail@fiver.freemessage.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/4773

NVD	https://nvd.nist.gov/vuln/detail/CVE-2000-0573
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html