CVE-2005-0312 - Vulnerability Details - OpenCVE

WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of "%s" sequences, possibly indicating a format string vulnerability.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
War Ftp Daemon	War Ftp Daemon

Configuration 1 [-]

OR	cpe:2.3:a:war_ftp_daemon:war_ftp_daemon:1.8:::::::*
	cpe:2.3:a:war_ftp_daemon:war_ftp_daemon:1.82_rc9:::::::*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=110687202332039&w=2
http://support.jgaa.com/index.php?cmd=ShowReport&ID=02643
http://www.securityfocus.com/bid/12384
https://exchange.xforce.ibmcloud.com/vulnerabilities/19129

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-02-10T05:00:00

Updated: 2024-08-07T21:05:25.548Z

Reserved: 2005-02-10T00:00:00

Link: CVE-2005-0312

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2005-01-27T05:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2005-0312

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-01-27T00:00:00", "descriptions": [{"lang": "en", "value": "WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of \"%s\" sequences, possibly indicating a format string vulnerability."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "warftpd-cwd-dos(19129)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19129"}, {"name": "12384", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/12384"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.jgaa.com/index.php?cmd=ShowReport&ID=02643"}, {"name": "20050127 WarFTPD 1.82 RC9 DoS", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=110687202332039&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0312", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of \"%s\" sequences, possibly indicating a format string vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "warftpd-cwd-dos(19129)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19129"}, {"name": "12384", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12384"}, {"name": "http://support.jgaa.com/index.php?cmd=ShowReport&ID=02643", "refsource": "CONFIRM", "url": "http://support.jgaa.com/index.php?cmd=ShowReport&ID=02643"}, {"name": "20050127 WarFTPD 1.82 RC9 DoS", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=110687202332039&w=2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T21:05:25.548Z"}, "title": "CVE Program Container", "references": [{"name": "warftpd-cwd-dos(19129)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19129"}, {"name": "12384", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/12384"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.jgaa.com/index.php?cmd=ShowReport&ID=02643"}, {"name": "20050127 WarFTPD 1.82 RC9 DoS", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=110687202332039&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0312", "datePublished": "2005-02-10T05:00:00", "dateReserved": "2005-02-10T00:00:00", "dateUpdated": "2024-08-07T21:05:25.548Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:war_ftp_daemon:war_ftp_daemon:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "AB927CA2-341F-4B24-A55B-F59BA8B44E23", "vulnerable": true}, {"criteria": "cpe:2.3:a:war_ftp_daemon:war_ftp_daemon:1.82_rc9:*:*:*:*:*:*:*", "matchCriteriaId": "A85AD8B6-0130-4AD2-BE8C-09E257276B2A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of \"%s\" sequences, possibly indicating a format string vulnerability."}], "id": "CVE-2005-0312", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-01-27T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=110687202332039&w=2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://support.jgaa.com/index.php?cmd=ShowReport&ID=02643"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/12384"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19129"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=110687202332039&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://support.jgaa.com/index.php?cmd=ShowReport&ID=02643"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/12384"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19129"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}