CVE: CVE-2001-1413 - CVE-Search

CVE Details for CVE: CVE-2001-1413

Summary

Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument.

Timestamps
Last major update	11-07-2017 - 01:29
Published	23-12-2004 - 05:00
Last modified	11-07-2017 - 01:29

References

http://security.gentoo.org/glsa/glsa-200410-08.xml
http://www.kb.cert.org/vuls/id/176363
http://www.redhat.com/support/errata/RHSA-2004-536.html
http://seclists.org/lists/vuln-dev/2001/Nov/0202.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/10619

Vulnerable Configurations

cpe:2.3:a:ncompress:ncompress:*:*:*:*:*:*:*:*
cpe:2.3:a:ncompress:ncompress:*:*:*:*:*:*:*:*

CAPEC

Click the CAPEC title to display a description

CWE

NVD-CWE-Other

CVSS

Base

7.5

Impact

6.4

Exploitability

10.0

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

CVSS3

None

VIA4 references

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

rhsa

id	RHSA-2004:536

refmap via4

cert-vn	VU#176363
gentoo	GLSA-200410-08
vuln-dev	20010621 New bugs, old bugs
xf	ncompress-filename-bo(10619)