Multiple Vendor C Library realpath() Off-By-One Buffer Overflow Vulnerability

Bugtraq ID: 8315
Class: Boundary Condition Error
CVE: CVE-2003-0466
Remote: Yes
Local: No
Published: Jul 31 2003 12:00AM
Updated: May 15 2007 07:08PM
Credit: Discovery of this vulnerability has been credited to Janusz Niewiadomski <funkysh@isec.pl> and Wojciech Purczynski <cliph@isec.pl>.

Vulnerable:
Washington University wu-ftpd 2.6.2
+ Compaq Tru64 5.1 b PK2 (BL22)
+ Compaq Tru64 5.1 b PK1 (BL1)
+ Compaq Tru64 5.1 b
+ Compaq Tru64 5.1 a PK5 (BL23)
+ Compaq Tru64 5.1 a PK4 (BL21)
+ Compaq Tru64 5.1 a PK3 (BL3)
+ Compaq Tru64 5.1 a PK2 (BL2)
+ Compaq Tru64 5.1 a PK1 (BL1)
+ Compaq Tru64 5.1 a
+ Compaq Tru64 5.1 PK6 (BL20)
+ Compaq Tru64 5.1 PK5 (BL19)
+ Compaq Tru64 5.1 PK4 (BL18)
+ Compaq Tru64 5.1 PK3 (BL17)
+ Compaq Tru64 5.1
+ Compaq Tru64 5.0 f
+ Compaq Tru64 5.0 a PK3 (BL17)
+ Compaq Tru64 5.0 a
+ Compaq Tru64 5.0 PK4 (BL18)
+ Compaq Tru64 5.0 PK4 (BL17)
+ Compaq Tru64 5.0
+ Compaq Tru64 4.0 g PK3 (BL17)
+ Compaq Tru64 4.0 g
+ Compaq Tru64 4.0 f PK7 (BL18)
+ Compaq Tru64 4.0 f PK6 (BL17)
+ Compaq Tru64 4.0 f
+ Compaq Tru64 4.0 e
+ Compaq Tru64 4.0 d PK9 (BL17)
+ Compaq Tru64 4.0 d
+ Compaq Tru64 4.0 b
+ Conectiva Linux 9.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ MandrakeSoft Linux Mandrake 8.2 ppc
+ MandrakeSoft Linux Mandrake 8.2
+ SCO Open Server 5.0.7
+ SCO Open Server 5.0.6 a
+ SCO Open Server 5.0.6
+ Sun Linux 5.0.7
+ Turbolinux Turbolinux Advanced Server 6.0
+ Turbolinux Turbolinux Server 6.1
+ Turbolinux Turbolinux Workstation 6.0
Washington University wu-ftpd 2.6.1
+ Caldera OpenLinux 2.3
+ Caldera OpenLinux Server 3.1
+ Cobalt Qube 1.0
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
- FreeBSD FreeBSD 5.0 alpha
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3 -STABLE
- FreeBSD FreeBSD 4.3 -RELEASE
- FreeBSD FreeBSD 4.3
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 7.2
+ MandrakeSoft Linux Mandrake 7.1
+ MandrakeSoft Linux Mandrake 7.0
+ MandrakeSoft Linux Mandrake 6.1
+ MandrakeSoft Linux Mandrake 6.0
+ RedHat Linux 7.2 noarch
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i586
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 athlon
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 noarch
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i686
+ RedHat Linux 7.1 i586
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
- S.u.S.E. Linux 7.3
- S.u.S.E. Linux 7.2
- S.u.S.E. Linux 7.1 x86
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 alpha
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.0 ppc
- S.u.S.E. Linux 7.0 alpha
- S.u.S.E. Linux 7.0
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
+ SCO Open Server 5.0.6 a
+ SCO Open Server 5.0.6
+ SCO Open Server 5.0.5
+ SCO Open Server 5.0.4
+ SCO Open Server 5.0.3
+ SCO Open Server 5.0.2
+ SCO Open Server 5.0.1
+ SCO Open Server 5.0
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
+ Turbolinux Turbolinux 6.0.5
+ Turbolinux Turbolinux 6.0.4
+ Turbolinux Turbolinux 6.0.3
+ Turbolinux Turbolinux 6.0.2
+ Turbolinux Turbolinux 6.0.1
+ Turbolinux Turbolinux 6.0
+ Turbolinux Turbolinux Workstation 6.1
+ Wirex Immunix OS 7.0 -Beta
+ Wirex Immunix OS 7.0
+ Wirex Immunix OS 7+
Washington University wu-ftpd 2.6 .0
+ Cobalt Qube 1.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux 4.2
+ Conectiva Linux 4.1
+ Conectiva Linux 4.0 es
+ Conectiva Linux 4.0
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3 -STABLE
- FreeBSD FreeBSD 4.3 -RELEASE
- FreeBSD FreeBSD 4.3
+ HP HP-UX 11.11
+ HP HP-UX 11.0
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.1 sparc
+ RedHat Linux 6.1 i386
+ RedHat Linux 6.1 alpha
+ RedHat Linux 6.0 sparc
+ RedHat Linux 6.0 alpha
+ RedHat Linux 6.0
+ RedHat Linux 5.2 sparc
+ RedHat Linux 5.2 i386
+ RedHat Linux 5.2 alpha
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
+ S.u.S.E. Linux 6.3 ppc
+ S.u.S.E. Linux 6.3 alpha
+ S.u.S.E. Linux 6.3
+ S.u.S.E. Linux 6.2
+ S.u.S.E. Linux 6.1 alpha
+ S.u.S.E. Linux 6.1
+ Turbolinux Turbolinux 4.0
+ Wirex Immunix OS 6.2
Washington University wu-ftpd 2.5 .0
+ Caldera OpenLinux 2.4
+ Caldera OpenLinux Desktop 2.3
+ RedHat Linux 6.0 sparc
+ RedHat Linux 6.0 alpha
+ RedHat Linux 6.0
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
+ SCO eServer 2.3
Sun Solaris 9_x86
Sun Solaris 9
SSH Communications Security SSH2 3.2.9 .1
RedHat wu-ftpd-2.6.2-8.i386.rpm
+ RedHat Linux 8.0 i386
RedHat wu-ftpd-2.6.2-5.i386.rpm
+ RedHat Linux 7.3 i386
RedHat wu-ftpd-2.6.1-18.ia64.rpm
+ RedHat Linux 7.2 ia64
RedHat wu-ftpd-2.6.1-18.i386.rpm
+ RedHat Linux 7.2 i386
RedHat wu-ftpd-2.6.1-16.ppc.rpm
+ RedHat Linux 7.1 pseries
+ RedHat Linux 7.1 iseries
RedHat wu-ftpd-2.6.1-16.i386.rpm
+ RedHat Linux 7.1 i386
OpenBSD OpenBSD 2.9
OpenBSD OpenBSD 2.8
OpenBSD OpenBSD 2.7
OpenBSD OpenBSD 2.6
OpenBSD OpenBSD 2.5
OpenBSD OpenBSD 2.4
OpenBSD OpenBSD 2.3
OpenBSD OpenBSD 2.2
OpenBSD OpenBSD 2.1
OpenBSD OpenBSD 2.0
OpenBSD OpenBSD 3.3
OpenBSD OpenBSD 3.2
OpenBSD OpenBSD 3.1
OpenBSD OpenBSD 3.0
NetBSD NetBSD 1.6.1
NetBSD NetBSD 1.6
NetBSD NetBSD 1.5.3
NetBSD NetBSD 1.5.2
NetBSD NetBSD 1.5.1
NetBSD NetBSD 1.5
HP HP-UX 11.22
HP HP-UX 11.11
HP HP-UX 11.0
FreeBSD FreeBSD 5.0 alpha
FreeBSD FreeBSD 5.0
FreeBSD FreeBSD 4.8 -PRERELEASE
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 4.7 -STABLE
FreeBSD FreeBSD 4.7 -RELEASE
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.6.2
FreeBSD FreeBSD 4.6 -STABLE
FreeBSD FreeBSD 4.6 -RELEASE
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07
FreeBSD FreeBSD 4.5 -STABLE
FreeBSD FreeBSD 4.5 -RELEASE
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.4 -STABLE
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.3 -STABLE
FreeBSD FreeBSD 4.3 -RELENG
FreeBSD FreeBSD 4.3 -RELEASE
FreeBSD FreeBSD 4.3
FreeBSD FreeBSD 4.2 -STABLEpre122300
FreeBSD FreeBSD 4.2 -STABLEpre050201
FreeBSD FreeBSD 4.2 -STABLE
FreeBSD FreeBSD 4.2 -RELEASE
FreeBSD FreeBSD 4.2
FreeBSD FreeBSD 4.1.1 -STABLE
FreeBSD FreeBSD 4.1.1 -RELEASE
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.0 .x
FreeBSD FreeBSD 4.0 alpha
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 3.5.1 -STABLEpre2001-07-20
Apple Mac OS X Server 10.2.6
Apple Mac OS X 10.2.6

Not Vulnerable: