New Search

Off-by-one Error in fb_realpath()

oval:org.mitre.oval:def:1970

Off-by-one error in the fb_realpath() function as derived from the realpath function in BSD may allow attackers to execute arbitrary code as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow including (1) STOR (2) RETR (3) APPE (4) DELE (5) MKD (6) RMD (7) STOU or (8) RNTO.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Sun Solaris 9
Class:
vulnerability
Reference(s):
  • CVE-2003-0466
Product(s):
  • Solaris Management Console (SMC)