CVE-2000-0574 Information

Description

FTP servers such as OpenBSD ftpd NetBSD ftpd ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title) which allows remote attackers to cause a denial of service or execute arbitrary commands.

Reference

ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-009.txt.asc http://archives.neohapsis.com/archives/bugtraq/2000-07/0031.html http://archives.neohapsis.com/archives/bugtraq/2000-07/0061.html http://archives.neohapsis.com/archives/bugtraq/2000-07/0121.html http://www.cert.org/advisories/CA-2000-13.html http://www.securityfocus.com/bid/1425 http://www.securityfocus.com/bid/1438