National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2005-0256 Detail

Current Description

The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.

Source:  MITRE      Last Modified:  05/02/2005      View Analysis Description

Quick Info

CVE Dictionary Entry:
CVE-2005-0256
Original release date:
05/02/2005
Last revised:
10/10/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
5.0 MEDIUM
Vector:
(AV:N/AC:L/Au:N/C:N/I:N/A:P) (legend)
Impact Subscore:
2.9
Exploitability Subscore:
10.0
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Low
Authentication:
Not required to exploit
Impact Type:
Allows disruption of service

Vendor Statements (disclaimer)

Official Statement from Red Hat (10/23/2006)

Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with wu-ftpd, however we were unable to reproduce this issue. Additionally, a code analysis showed that attempts to exploit this issue would be caught in the versions we shipped. http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=149720

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63/SCOSA-2005.63.txt External Source SCO SCOSA-2005.63
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342 External Source HP SSRT061110
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101699-1 External Source SUNALERT 101699
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57795-1 External Source SUNALERT 57795
http://www.debian.org/security/2005/dsa-705 Patch; Vendor Advisory External Source DEBIAN DSA-705
http://www.idefense.com/application/poi/display?id=207&type=vulnerabilities Exploit External Source IDEFENSE 20050225 WU-FTPD File Globbing Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2005/0588 Vendor Advisory External Source VUPEN ADV-2005-0588
http://www.vupen.com/english/advisories/2006/1271 Vendor Advisory External Source VUPEN ADV-2006-1271
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1265 External Source OVAL oval:org.mitre.oval:def:1265
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1333 External Source OVAL oval:org.mitre.oval:def:1333
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1762 External Source OVAL oval:org.mitre.oval:def:1762

References to Check Content

Identifier:
oval:org.mitre.oval:def:1265
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1265
Identifier:
oval:org.mitre.oval:def:1333
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1333
Identifier:
oval:org.mitre.oval:def:1762
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1762

Technical Details

Vulnerability Type (View All)

Change History 3 change records found - show changes