FTP : BSD ftpd setproctitle() format string

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.11391
Category:	FTP
Title:	BSD ftpd setproctitle() format string
Summary:	NOSUMMARY
Description:	Description: The remote FTP server misuses the function setproctitle() and may allow an attacker to gain a root shell on this host by logging in as 'anonymous' and providing a carefully crafted format string as its email address. Solution : upgrade your FTP server. Risk factor : High
Cross-Ref:	BugTraq ID: 1425 BugTraq ID: 1438 Common Vulnerability Exposure (CVE) ID: CVE-2000-0574 http://www.securityfocus.com/bid/1425 http://www.securityfocus.com/bid/1438 Bugtraq: 20000705 proftp advisory (Google Search) http://archives.neohapsis.com/archives/bugtraq/2000-07/0031.html Bugtraq: 20000706 ftpd and setproctitle() (Google Search) http://archives.neohapsis.com/archives/bugtraq/2000-07/0061.html Bugtraq: 20000710 opieftpd setproctitle() patches (Google Search) http://archives.neohapsis.com/archives/bugtraq/2000-07/0121.html http://www.cert.org/advisories/CA-2000-13.html NETBSD Security Advisory: NetBSD-SA2000-009 ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-009.txt.asc
Copyright	This script is Copyright (C) 2003 Renaud Deraison