CVE-2004-0277 - Vulnerability Details - OpenCVE

Format string vulnerability in Dream FTP 1.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the username.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bolintech	Dream Ftp Server

Configuration 1 [-]

cpe:2.3:a:bolintech:dream_ftp_server:1.02:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016871.html
http://marc.info/?l=bugtraq&m=107656166402882&w=2
http://www.security-protocols.com/modules.php?name=News&file=article&sid=1722
http://www.securityfocus.com/bid/9600
https://exchange.xforce.ibmcloud.com/vulnerabilities/15070

History

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.07234}`	epss `{'score': 0.08066}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-03-18T05:00:00

Updated: 2024-08-08T00:10:03.796Z

Reserved: 2004-03-17T00:00:00

Link: CVE-2004-0277

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2004-11-23T05:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2004-0277

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-02-07T00:00:00", "descriptions": [{"lang": "en", "value": "Format string vulnerability in Dream FTP 1.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the username."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "9600", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/9600"}, {"name": "dreamftp-username-format-string(15070)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15070"}, {"name": "20040211 Re: [Full-Disclosure] DreamFTP Server 1.02 Buffer Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=107656166402882&w=2"}, {"tags": ["x_refsource_MISC"], "url": "http://www.security-protocols.com/modules.php?name=News&file=article&sid=1722"}, {"name": "20040207 DreamFTP Server 1.02 Buffer Overflow", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016871.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0277", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Format string vulnerability in Dream FTP 1.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the username."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "9600", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9600"}, {"name": "dreamftp-username-format-string(15070)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15070"}, {"name": "20040211 Re: [Full-Disclosure] DreamFTP Server 1.02 Buffer Overflow", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=107656166402882&w=2"}, {"name": "http://www.security-protocols.com/modules.php?name=News&file=article&sid=1722", "refsource": "MISC", "url": "http://www.security-protocols.com/modules.php?name=News&file=article&sid=1722"}, {"name": "20040207 DreamFTP Server 1.02 Buffer Overflow", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016871.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:10:03.796Z"}, "title": "CVE Program Container", "references": [{"name": "9600", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/9600"}, {"name": "dreamftp-username-format-string(15070)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15070"}, {"name": "20040211 Re: [Full-Disclosure] DreamFTP Server 1.02 Buffer Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=107656166402882&w=2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.security-protocols.com/modules.php?name=News&file=article&sid=1722"}, {"name": "20040207 DreamFTP Server 1.02 Buffer Overflow", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016871.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0277", "datePublished": "2004-03-18T05:00:00", "dateReserved": "2004-03-17T00:00:00", "dateUpdated": "2024-08-08T00:10:03.796Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bolintech:dream_ftp_server:1.02:*:*:*:*:*:*:*", "matchCriteriaId": "26D763A2-E3D5-46E2-BAF9-AAD891F5FAA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Format string vulnerability in Dream FTP 1.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the username."}, {"lang": "es", "value": "Vulnerabilidad de cadena de formato en Dream FTP 1.02 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante especificadores de cadena de formato en el nombre del usuario."}], "id": "CVE-2004-0277", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-11-23T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016871.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=107656166402882&w=2"}, {"source": "cve@mitre.org", "url": "http://www.security-protocols.com/modules.php?name=News&file=article&sid=1722"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/9600"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15070"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016871.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=107656166402882&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.security-protocols.com/modules.php?name=News&file=article&sid=1722"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/9600"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15070"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}