Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Format string vulnerability in the msg command (cat_message function in msg.c) in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenFTPD远程格式串处理导致任意指令执行漏洞
Vulnerability Description
openftpd是一款开放源代码FTPD程序。 openftpd不正确处理部分命令参数,远程攻击者可以利用这个漏洞进行格式串攻击,可能以进程权限在系统上执行任意指令。 问题存在于'misc/msg.c'文件中,攻击者提交如下的命令格式: site msg send andi "AAAA%08x|%08x|%08x|%08x|%08x|%08x|%08x|%08x|%08x|%08x]" 可触发格式串问题,破坏内存信息,精心构建提交数据可能以openftpd进程权限在系统上执行任意指令。
CVSS Information
N/A
Vulnerability Type
N/A