CVE-2000-0574

FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.

Published: Jul 7, 2000
Updated: Nov 9, 2025
CVE: CVE-2000-0574
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
washington_university / wu-ftpd	2.4.2_beta18	2.4.2_beta18.x
washington_university / wu-ftpd	2.4.2_beta18_vr14	2.4.2_beta18_vr14.x
washington_university / wu-ftpd	2.4.2_vr17	2.4.2_vr17.x
washington_university / wu-ftpd	2.4.2_beta18_vr9	2.4.2_beta18_vr9.x
washington_university / wu-ftpd	2.5	2.5.x
washington_university / wu-ftpd	2.4.2_vr16	2.4.2_vr16.x
washington_university / wu-ftpd	2.4.2_beta18_vr11	2.4.2_beta18_vr11.x
washington_university / wu-ftpd	2.4.2_beta18_vr6	2.4.2_beta18_vr6.x
washington_university / wu-ftpd	2.4.2_beta1	2.4.2_beta1.x
openbsd / ftpd	5.51	5.51.x
washington_university / wu-ftpd	2.4.2_beta18_vr4	2.4.2_beta18_vr4.x
washington_university / wu-ftpd	2.6	2.6.x
washington_university / wu-ftpd	2.4.2_beta18_vr12	2.4.2_beta18_vr12.x
washington_university / wu-ftpd	2.4.2_beta18_vr5	2.4.2_beta18_vr5.x
washington_university / wu-ftpd	2.4.2_beta18_vr13	2.4.2_beta18_vr13.x
washington_university / wu-ftpd	2.4.2_beta18_vr10	2.4.2_beta18_vr10.x
washington_university / wu-ftpd	2.4.2_beta18_vr15	2.4.2_beta18_vr15.x
washington_university / wu-ftpd	2.4.2_beta18_vr7	2.4.2_beta18_vr7.x
openbsd / ftpd	5.60	5.60.x
washington_university / wu-ftpd	2.4.2_beta18_vr8	2.4.2_beta18_vr8.x

Vulnerability Database

310,057

CVE-2000-0574

Deep Security Visibility Without the Complexity