CVE-2001-0247

Name: CVE-2001-0247
Creator: NVD / NIST
Published: 2001-06-18T04:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 19.32%

Last modified Jun 16, 2026

CVE-2001-0247 is a vulnerability of currently unknown severity. Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.. EPSS estimates a 19.32% chance of exploitation in the next 30 days.

Description

Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.

Metrics

EPSS Probability

19.32%

97.0th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Mit	Kerberos 5	1.1.1
Mit	Kerberos 5	1.2
Mit	Kerberos 5	1.2.1
Mit	Kerberos 5	1.2.2
Sgi	Irix	6.1
Sgi	Irix	6.5.1
Sgi	Irix	6.5.2m
Sgi	Irix	6.5.3
Sgi	Irix	6.5.3f
Sgi	Irix	6.5.3m
Sgi	Irix	6.5.4
Sgi	Irix	6.5.5
Sgi	Irix	6.5.6
Sgi	Irix	6.5.7
Sgi	Irix	6.5.8
Sgi	Irix	6.5.10
Sgi	Irix	6.5.11
Freebsd	Freebsd	2.2
Freebsd	Freebsd	2.2.2
Freebsd	Freebsd	2.2.3
Freebsd	Freebsd	2.2.4
Freebsd	Freebsd	2.2.5
Freebsd	Freebsd	2.2.6
Freebsd	Freebsd	2.2.8
Freebsd	Freebsd	3.0
Freebsd	Freebsd	3.1
Freebsd	Freebsd	3.2
Freebsd	Freebsd	3.3
Freebsd	Freebsd	3.4
Freebsd	Freebsd	3.5
Freebsd	Freebsd	3.5.1
Freebsd	Freebsd	4.0
Freebsd	Freebsd	4.1
Freebsd	Freebsd	4.1.1
Freebsd	Freebsd	4.2
Netbsd	Netbsd	1.2.1
Netbsd	Netbsd	1.3
Netbsd	Netbsd	1.3.1
Netbsd	Netbsd	1.3.2
Netbsd	Netbsd	1.3.3
Netbsd	Netbsd	1.4
Netbsd	Netbsd	1.4.1
Netbsd	Netbsd	1.4.2
Netbsd	Netbsd	1.4.3
Netbsd	Netbsd	1.5
Openbsd	Openbsd	2.3
Openbsd	Openbsd	2.4
Openbsd	Openbsd	2.5
Openbsd	Openbsd	2.6
Openbsd	Openbsd	2.7

Showing 50 of 51 affected configurations. See NVD for the full list.

References

ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.ascPatch
ftp://patches.sgi.com/support/free/security/advisories/20010802-01-P
http://archives.neohapsis.com/archives/freebsd/2001-04/0466.htmlPatch, Vendor Advisory
http://www.cert.org/advisories/CA-2001-07.htmlPatch, Third Party Advisory, US Government Resource
http://www.nai.com/research/covert/advisories/048.asp
http://www.securityfocus.com/bid/2548Exploit, Patch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/6332
ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.ascPatch
ftp://patches.sgi.com/support/free/security/advisories/20010802-01-P
http://archives.neohapsis.com/archives/freebsd/2001-04/0466.htmlPatch, Vendor Advisory
http://www.cert.org/advisories/CA-2001-07.htmlPatch, Third Party Advisory, US Government Resource
http://www.nai.com/research/covert/advisories/048.asp
http://www.securityfocus.com/bid/2548Exploit, Patch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/6332

Timeline

Published: Jun 18, 2001
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2001-0247?

How severe is CVE-2001-0247?

Severity scoring for CVE-2001-0247 is pending analysis. The EPSS model estimates a 19.32% probability of exploitation in the next 30 days.

How do I fix CVE-2001-0247?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2001-0247?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST