VulniosVulnios
All Threat Alerts
criticalCVE Alert
CVE-2003-0466

Critical Vulnerability: CVE-2003-0466 — redhat, wuftpd — wu_ftpd, wu-ftpd

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.

Sunday, April 19, 2026redhat, wuftpdVulnios Threat Intelligence
Share:

Executive Summary

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.

Why It Matters

CVE-2003-0466 is rated CRITICAL severity, requiring immediate attention from security teams.

CVSS Base Score: 9.8/10

Affected Technologies

Vendors: redhat, wuftpd, apple, freebsd, netbsd, openbsd, sun

Products: wu_ftpd, wu-ftpd, mac_os_x, mac_os_x_server, freebsd, netbsd, openbsd, solaris

🛡️What Defenders Should Check

  • Check if you are affected — Review your asset inventory for products listed in CVE-2003-0466.
  • Apply available patches — Visit vendor advisories for the latest security updates.
  • Monitor for exploitation — Check your SIEM/IDS logs for related indicators.

    • Use Vulnios to continuously monitor your exposure to CVE-2003-0466 and similar vulnerabilities.

    References & Sources

  • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc
  • http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html
  • http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01
  • http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
  • http://marc.info/?l=bugtraq&m=105967301604815&w=2
  • http://marc.info/?l=bugtraq&m=106001410028809&w=2
  • http://marc.info/?l=bugtraq&m=106001702232325&w=2
  • http://marc.info/?l=bugtraq&m=106002488209129&w=2
  • http://secunia.com/advisories/9423
  • http://secunia.com/advisories/9446

    • AI Security Advisor

    Powered by Gemini

    Get AI-powered security recommendations tailored to this specific threat — including risk assessment, detection guidance, MITRE ATT&CK mapping, and actionable remediation steps.

    Affected Products

    wu_ftpdwu-ftpdmac_os_xmac_os_x_serverfreebsdnetbsdopenbsdsolaris

    Sources

    critical

    Protect Your Organization

    Monitor CVEs, scan for vulnerabilities, and get real-time threat alerts — all in one platform.

    Get Started FreeFree Security ScanOSINT Dashboard

    Get instant alerts on Telegram

    Join our public channel for real-time critical CVE alerts.

    Follow @vulnios