Vulnerability Details: CVE-2003-0963
Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls or rels commands.
Vulnerability category: Execute code
Products affected by CVE-2003-0963
- cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:alexander_v._lukyanov:lftp:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:alexander_v._lukyanov:lftp:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.9:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2003-0963
- 1.74%: probability of exploitation activity in the next 30 days
- ~ 86%: percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2003-0963
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2003-0963
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11180
- http://marc.info/?l=bugtraq&m=107126386226196&w=2
  '[slackware-security] lftp security update (SSA:2003-346-01)' - MARC
- http://www.novell.com/linux/security/advisories/2003_051_lftp.html
- http://www.redhat.com/support/errata/RHSA-2003-403.html
- http://marc.info/?l=bugtraq&m=107177409418121&w=2
  'GLSA: lftp (200312-07)' - MARC
- http://marc.info/?l=bugtraq&m=107167974714484&w=2
  '[OpenPKG-SA-2003.053] OpenPKG Security Advisory (lftp)' - MARC
- http://marc.info/?l=bugtraq&m=107152267121513&w=2
  'lftp buffer overflows' - MARC
- ftp://patches.sgi.com/support/free/security/advisories/20040101-01-U
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:116
- http://marc.info/?l=bugtraq&m=107340499504411&w=2
  '[CLA-2004:800] Conectiva Security Announcement - lftp' - MARC
- http://www.redhat.com/support/errata/RHSA-2003-404.html
- ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
- http://www.debian.org/security/2004/dsa-406