Appendix E • Nessus Plug-ins

| Family | Plug-in Name | CVE ID Number(s) | BugTraq ID Number(s) |
|---|---|---|---|
| FTP | WFTP 2.41 rc11 multiple DoS | CAN-2000-0647 | |
| FTP | wu-ftpd buffer overflow | CVE-1999-0368, CVE-1999-0878, CVE-1999-0879, CVE-1999-0950 | 2242 |
| FTP | NiteServer FTP directory traversal | | 6648 |
| FTP | SunFTP Buffer Overflow | CVE-2000-0856 | 1638 |
| FTP | FTP bounce check | CVE-1999-0017 | |
| FTP | Windows Administrator NULL FTP password | | |
| FTP | SunFTP directory traversal | CAN-2001-0283 | |
| FTP | Platinum FTP Server | | |
| FTP | Solaris FTPd tells if a user exists | | 2564 |
| FTP | FTP site exec | CVE-1999-0080, CVE-1999-0955 | 2241 |
| FTP | ProFTPd buffer overflow | CAN-1999-0911 | 612 |
| FTP | War FTP Daemon Directory Traversal | CVE-2001-0295 | 2444 |
| FTP | proftpd 1.2.0preN check | CVE-1999-0368 | 2242 |
| FTP | CrobFTP format string | | 7776 |
| FTP | BSD ftpd Single Byte Buffer Overflow | CVE-2001-0053 | 2124 |
| FTP | proftpd mod_sql injection | | 7974 |
| FTP | hpux ftpd REST vulnerability | | |
| FTP | FTPd tells if a user exists | | |
| FTP | ST FTP traversal | | 7674 |
| FTP | NB1300 router default FTP account | | 7359 |
| FTP | AIX FTPd buffer overflow | CVE-1999-0789 | 679 |
| FTP | Passwordless Zaurus FTP server | | 5200 |
| FTP | HP-UX ftpd glob() Expansion STAT Buffer Overflow | CAN-2001-0248 | 2552 |
| FTP | hpux ftpd PASS vulnerability | CVE-2000-0699 | 1560 |
| FTP | NGC ActiveFTP Denial of Service | | 7900 |
| FTP | Multiple WarFTPd DoS | | 2698 |
| FTP | .rhosts in FTP root | | |
| FTP | Serv-U path disclosure | CAN-2000-0176, CVE-1999-0838 | 1016, 859 |
| FTP | wu-ftpd SITE NEWER vulnerability | CVE-1999-0880 | |
| FTP | Broker FTP files listing | CAN-2001-0450 | 301 |
| FTP | GuildFTPd Directory Traversal | CAN-2001-0767 | 2789 |
| FTP | Ftp PASV denial of service | CVE-1999-0079 | 271 |
| FTP | Guild FTPd tells if a given file exists | CVE-2000-0640 | 1452 |
| FTP | proftpd exhaustion attack | | 6341 |
| FTP | bftpd chown overflow | CAN-2001-0065, CVE-2000-0943 | 2120 |
| FTP | MS FTPd DoS | CVE-2002-0073, CVE-2002-0073 | 4482 |
| FTP | Serv-U Directory traversal | CVE-2001-0054 | 2052 |
| FTP | EFTP installation directory disclosure | CAN-2001-1109 | 3333 |
| FTP | ftp ‘glob’ overflow | CAN-2001-0247 | 2548 |
| FTP | proftpd mkdir buffer overflow | CAN-1999-0911 | 612 |
| FTP | Ftp PASV on connect crashes the FTP server | CVE-1999-0075 | |
| FTP | webweaver FTP DoS | | 7425 |
| FTP | EFTP tells if a given file exists | CAN-2001-1109 | 3333 |
| FTP | Anonymous FTP enabled | CAN-1999-0497 | |
| FTP | wu-ftpd glob vulnerability (2) | CAN-2001-0935 | |
| FTP | FTPD glob Heap Corruption | CAN-2001-0249, CVE-2001-0550 | 2550, 3581 |
| FTP | Generic FTP traversal | CVE-2001-0680, CAN-2001-1335, CAN-2001-0582 | 2618, 2786 |
| FTP | Debian proftpd 1.2.0 runs as root | CVE-2001-0456 | |
| FTP | wu-ftpd fb_realpath() off-by-one overflow | CAN-2003-0466 | 8315 |
| FTP | War FTP Daemon USER/PASS Overflow | CVE-1999-0256 | |
| FTP | EFTP carriage return DoS | CVE-2000-0871 | 1677 |
| FTP | ftpd strtok() stack overflow | CAN-2001-0325 | 2342 |
| FTP | Writeable FTP root | CAN-1999-0527 | |
| FTP | Linux FTP backdoor | CAN-1999-0452 | |
| FTP | proftpd 1.2.0rc2 format string vuln | CVE-2001-0318 | |
| FTP | wu-ftpd PASV format string | CVE-2001-0187 | 2296 |
| FTP | ftp USER, PASS or HELP overflow | CAN-2000-0133, CVE-2000-0943, CAN-2002-0126, CVE-2000-0870, CVE-2000-1035, CVE-2000-1194, CAN-2000-1035 | 961, 1858, 3884, 7251, 7278, 7307 |
| FTP | ProFTPd pre6 buffer overflow | CAN-1999-0911 | 612 |
| FTP | vxworks ftpd buffer overflow | | 6297 |
| FTP | FTP Service Allows Any Username | | |
| FTP | bftpd format string vulnerability | | |
| FTP | VisNetic and Titan FTP Server traversal | | 7718 |
| FTP | FTP CWD ~root | CVE-1999-0082 | |
| FTP | vftpd buffer overflow | CAN-1999-1058 | 818 |
| FTP | War FTP Daemon CWD/MKD Buffer Overflow | CVE-2000-0131 | 966 |
| FTP | PFTP login check | | |
| FTP | ftp writeable directories | CAN-1999-0527 | |
| FTP | BlackMoon FTP user disclosure | | |
| FTP | ProFTPd ASCII upload overflow | | 8679 |
| FTP | BSD ftpd setproctitle() format string | CAN-2000-0574 | 1425 |
| FTP | SmallFTP traversal | | |
| FTP | Windows NT ftp ‘guest’ account | CAN-1999-0546 | |
| FTP | WS FTP overflows | CAN-2001-1021 | |
| FTP | WFTP login check | CAN-1999-0200 | |
| FTP | FTP real path | CVE-1999-0201 | |
| FTP | WFTP RNTO DoS | CAN-2000-0648 | 1456 |
| FTP | wu-ftpd SITE EXEC vulnerability | CVE-2000-0573, CVE-1999-0997 | 1387, 2240, 726 |
| Gain a shell remotely | /bin/login overflow exploitation | CVE-2001-0797 | 3681 |
| Gain a shell remotely | SSH 3 AllowedAuthentication | | 4810 |
| Gain a shell remotely | MCMS : Buffer overflow in Profile Service | CAN-2002-0620, CVE-2002-0621, CVE-2002-0622, CVE-2002-0623, CVE-2002-0050 | |
| Gain a shell remotely | Multiple vulnerabilities in CUPS | CAN-2002-1383, CAN-2002-1366, CAN-2002-1367, CAN-2002-1368, CAN-2002-1384, CAN-2002-1369, CAN-2002-1372 | |
| Gain a shell remotely | rsh on finger output | | |
| Gain a shell remotely | OpenSSL overflow via invalid certificate passing | CAN-2003-0543, CAN-2003-0544, CAN-2003-0545 | 8732 |
| Gain a shell remotely | ipop2d buffer overflow | CVE-1999-0920 | 283 |
| Gain a shell remotely | Omron WorldView Wnn Overflow | CAN-2000-0704 | 1603 |
| Gain a shell remotely | Canna Overflow | CVE-2000-0584 | 1445 |
| Gain a shell remotely | MailMax IMAP overflows (2) | | 7327 |
| Gain a shell remotely | iWS shtml overflow | CVE-2000-1077 | 1848 |
| Gain a shell remotely | Cyrus IMAP pre-login buffer overrun | | |
| Gain a shell remotely | Shell Command Execution Vulnerability | | |
| Gain a shell remotely | libgtop_daemon format string | CAN-2001-0927 | |
| Gain a shell remotely | gnocatan multiple buffer overflows | | |
| Gain a shell remotely | shtml.exe overflow | CAN-2002-0692 | 5804 |
| Gain a shell remotely | SSH Secure-RPC Weak Encrypted Authentication | CVE-2001-0259 | 2222 |
| Gain a shell remotely | OpenSSL overflow (generic test) | CAN-2002-0656, CAN-2002-0655, CAN-2002-0657, CAN-2002-0659, CVE-2001-1141 | 5363 |
| Gain a shell remotely | tanned format string vulnerability | | 6553 |
| Gain a shell remotely | qpopper euidl problem | CVE-2000-0320 | 1133 |
| Gain a shell remotely | Netscape Enterprise ‘Accept’ buffer overflow | CVE-1999-0751 | 631 |
| Gain a shell remotely | OpenSSH 2.5.x -> 2.9.x adv.option | CVE-2001-0816 | 3369 |
| Gain a shell remotely | PostgreSQL multiple flaws | CAN-2002-1402, CAN-2002-1401, CAN-2002-1400, CAN-2002-1397, CAN-2002-1399 | 6610, 6614, 5527, 5497, 6615, 6611, 6612, 6613, 7075 |
| Gain a shell remotely | MySQL double free() | CAN-2003-0073 | 6718 |
| Gain a shell remotely | CesarFTP multiple overflows | CAN-2001-0826 | 7950, 7946 |
| Gain a shell remotely | BitKeeper remote command execution | | |
| Gain a shell remotely | mod_mylo overflow | | 8287 |
| Gain a shell remotely | uw-imap buffer overflow after logon | CAN-2000-0284 | 1110 |
| Gain a shell remotely | NAI Management Agent overflow | CVE-2000-0447 | 1254 |
| Gain a shell remotely | Lotus Domino Vulnerabilities | CAN-2003-0123, CAN-2001-1311 | 7038, 7039 |
| Gain a shell remotely | qpopper LIST buffer overflow | CAN-2000-0096 | 948 |
| Gain a shell remotely | wsmp3d command execution | CAN-2003-0338 | |
| Gain a shell remotely | LPRng malformed input | CVE-2000-0917 | 1712 |
| Gain a shell remotely | IMAP4rev1 buffer overflow after logon | CAN-1999-1224 | |
| Gain a shell remotely | Oracle LINK overflow | CAN-2003-0222 | 7453 |
| Gain a shell remotely | iPlanet Application Server Buffer Overflow | CAN-2002-0387 | 7082 |
| Gain a shell remotely | multiple MySQL flaws | CAN-2002-1373, CAN-2002-1374, CAN-2002-1375, CAN-2002-1376 | 6368, 6370, 6373, 6374, 6375 |
| Gain a shell remotely | PKCS 1 Version 1.5 Session Key Retrieval | CVE-2001-0361 | 2344 |
| Gain a shell remotely | FakeBO buffer overflow | | |
| Gain a shell remotely | Batalla Naval Overflow | | |
| Gain a shell remotely | Apache < 2.0.44 DOS device name | CAN-2003-0016 | |
| Gain a shell remotely | Magic WinMail Format string | CAN-2003-0391 | 7667 |
| Gain a shell remotely | MySQL password handler overflaw | CAN-2003-0780 | 8590 |
| Gain a shell remotely | SSH Insertion Attack | CVE-1999-1085 | |
| Gain a shell remotely | IMAP4buffer overflow in the BODY command | CVE-2002-0379 | 4713 |
| Gain a shell remotely | rwhois format string attack | CAN-2001-0838 | |
| Gain a shell remotely | qpopper Qvsnprintf buffer overflow | CAN-2003-0143 | 7058 |
| Gain a shell remotely | Apache chunked encoding | CVE-2002-0392 | 5033 |
| Gain a shell remotely | rwhois format string attack (2) | CAN-2001-0913 | |
| Gain a shell remotely | scp File Create/Overwrite | CVE-2000-0992 | 1742 |
| Gain a shell remotely | Kerio WebMail interface flaws | | 7966, 7967, 7968 |
| Gain a shell remotely | Quicktime/Darwin Remote Admin Exploit | CAN-2003-0050, CAN-2003-0051, CAN-2003-0052, CAN-2003-0053, CAN-2003-0054, CAN-2003-0055 | 6954, 6955, 6956, 6957, 6958, 6960, 6990 |
| Gain a shell remotely | Gauntlet overflow | CVE-2000-0437 | 1234 |
| Gain a shell remotely | netscape imap buffer overflow after logon | CVE-2000-0961 | 1721 |
| Gain a shell remotely | Oops buffer overflow | CAN-2001-0029 | 2099 |
| Gain a shell remotely | SSH Overflow | CVE-1999-0834 | 843 |
| Gain a shell remotely | Helix RealServer Buffer Overrun | CAN-2003-0725 | |
| Gain a shell remotely | SSH 3.0.0 | CVE-2001-0553 | 3078 |
| Gain a shell remotely | Apache-SSL overflow | CVE-2002-0082 | 4189 |
| Gain a shell remotely | OpenSSH < 3.0.1 | CVE-2002-0083 | 3560, 4560, 4241 |
| Gain a shell remotely | MDaemon IMAP CREATE overflow | | 7446 |
| Gain a shell remotely | MailMax IMAP overflows | CVE-1999-0404 | 7326 |
| Gain a shell remotely | OpenSSH 2.3.1 authentication bypass vulnerability | | 2356 |
| Gain a shell remotely | SSH Kerberos issue | CVE-2000-0575 | 1426 |
| Gain a shell remotely | mod_ntlm overflow / format string bug | | 7393, 7388 |
| Gain a shell remotely | rsh with null username | CVE-1999-0180 | |
| Gain a shell remotely | OpenSSH Client Unauthorized Remote Forwarding | CVE-2000-1169 | 1949 |
| Gain a shell remotely | SSH1 SSH Daemon Logging Failure | CAN-2001-0471 | 2345 |
| Gain a shell remotely | ActiveSync packet overflow | | 7150 |
| Gain root remotely | mountd overflow | CVE-1999-0002 | |
| Gain root remotely | Imap buffer overflow | CVE-1999-0005 | 130 |
| Gain root remotely | Microsoft RPC Interface Buffer Overrun (823980) | CAN-2003-0352 | 8205 |
| Gain root remotely | Samba trans2open buffer overflow | CAN-2003-0201, CAN-2003-0196 | 7294 |
| Gain root remotely | INN version check | CVE-1999-0705, CVE-1999-0043, CVE-1999-0247 | 616 |
| Gain root remotely | Linux nfs-utils xlog() off-by-one overflow | CAN-2003-0252 | 8179 |
| Gain root remotely | Format string on HTTP method name | | |
| Gain root remotely | EFTP buffer overflow | CAN-2001-1112 | 3330 |
| Gain root remotely | SimpleServer remote execution | | 3112 |
| Gain root remotely | Alibaba 2.0 buffer overflow | CAN-2000-0626 | 1482 |
| Gain root remotely | BIND iquery overflow | CVE-1999-0009 | 134 |
| Gain root remotely | Too long OPTIONS parameter | | |
| Gain root remotely | OpenSSH < 3.7.1 | CAN-2003-0693, CAN-2003-0695 | 8628 |
| Gain root remotely | Samba Fragment Reassembly Overflow | CAN-2003-0085, CAN-2003-0086 | 7106, 7107 |
| Gain root remotely | Buffer overflow in Microsoft Telnet | CVE-2002-0020 | 4061 |
| Gain root remotely | BrowseGate HTTP headers overflows | CVE-2000-0908 | 1702 |
| Gain root remotely | SSH Multiple Vulns | CAN-2002-1357, CAN-2002-1358, CAN-2002-1359, CAN-2002-1360 | |
| Gain root remotely | Samba Remote Arbitrary File Creation | CVE-2001-1162 | 2928 |
| Gain root remotely | MDBMS overflow | CVE-2000-0446 | 1252 |
| Gain root remotely | lsh overflow | | 8655 |

Howlett_AppE.fm Page 499 Friday, June 25, 2004 1:50 PM