Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HHP Ux
OSHp11.00Oracle Solaris
OSOracle8Sgi Irix
OSSgi6.5 – 6.5.20
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Memory
CWE
Referencje
Powiązane podatności
CVE-2020-14871CRITICAL10.0⚠ KEVten sam produkt
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Su...
CVE-2013-2251CRITICAL9.8⚠ KEVten sam produkt
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a paramet...
CVE-2012-1823CRITICAL9.8⚠ KEVten sam produkt
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi)...
CVE-2026-46978CRITICAL10.0ten sam produkt
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The...
CVE-2025-36038CRITICAL9.0PL ✓ten sam produkt
RCE w IBM WebSphere Application Server przez niebezpieczną deserializację