{"api_version":"1","generated_at":"2026-04-25T17:19:31+00:00","cve":"CVE-2001-1355","urls":{"html":"https://cve.report/CVE-2001-1355","api":"https://cve.report/api/cve/CVE-2001-1355.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2001-1355","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2001-1355"},"summary":{"title":"CVE-2001-1355","description":"Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command.","state":"PUBLISHED","assigner":"mitre","published_at":"2001-07-20 04:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://online.securityfocus.com/archive/1/198293","name":"http://online.securityfocus.com/archive/1/198293","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"-1","archivestatus":"503"},{"url":"http://www.securityfocus.com/bid/3077","name":"http://www.securityfocus.com/bid/3077","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Netwin NWAuth Buffer Overflow Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/6865","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/6865","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"503"},{"url":"https://www.cve.org/CVERecord?id=CVE-2001-1355","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2001-1355","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2001","cve_id":"1355","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netwin","cpe5":"dmail","cpe6":"2.5d","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2001","cve_id":"1355","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netwin","cpe5":"dmail","cpe6":"2.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2001","cve_id":"1355","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netwin","cpe5":"dmail","cpe6":"2.7q","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2001","cve_id":"1355","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netwin","cpe5":"dmail","cpe6":"2.7r","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2001","cve_id":"1355","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netwin","cpe5":"dmail","cpe6":"2.8e","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2001","cve_id":"1355","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netwin","cpe5":"dmail","cpe6":"2.8f","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2001","cve_id":"1355","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netwin","cpe5":"dmail","cpe6":"2.8g","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2001","cve_id":"1355","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netwin","cpe5":"dmail","cpe6":"2.8h","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2001","cve_id":"1355","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netwin","cpe5":"dmail","cpe6":"2.8i","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2001","cve_id":"1355","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netwin","cpe5":"surgeftp","cpe6":"1.0b","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2001","cve_id":"1355","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netwin","cpe5":"surgeftp","cpe6":"2.0a","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2001","cve_id":"1355","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netwin","cpe5":"surgeftp","cpe6":"2.0b","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T04:51:08.082Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"3077","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/3077"},{"name":"20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://online.securityfocus.com/archive/1/198293"},{"name":"netwin-nwauth-bo(6865)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/6865"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2001-07-20T00:00:00.000Z","descriptions":[{"lang":"en","value":"Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-12-18T21:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"3077","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/3077"},{"name":"20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://online.securityfocus.com/archive/1/198293"},{"name":"netwin-nwauth-bo(6865)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/6865"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2001-1355","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"3077","refsource":"BID","url":"http://www.securityfocus.com/bid/3077"},{"name":"20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows","refsource":"BUGTRAQ","url":"http://online.securityfocus.com/archive/1/198293"},{"name":"netwin-nwauth-bo(6865)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/6865"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2001-1355","datePublished":"2002-06-11T04:00:00.000Z","dateReserved":"2002-06-07T00:00:00.000Z","dateUpdated":"2024-08-08T04:51:08.082Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2001-07-20 04:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netwin:dmail:2.5d:*:*:*:*:*:*:*","matchCriteriaId":"EF456029-C817-4FC5-AFE2-9637219E220C"},{"vulnerable":true,"criteria":"cpe:2.3:a:netwin:dmail:2.7:*:*:*:*:*:*:*","matchCriteriaId":"60C72EA3-5D19-44B7-AB3D-99122A470205"},{"vulnerable":true,"criteria":"cpe:2.3:a:netwin:dmail:2.7q:*:*:*:*:*:*:*","matchCriteriaId":"316BCDB3-3762-436F-91B2-41231A55CB96"},{"vulnerable":true,"criteria":"cpe:2.3:a:netwin:dmail:2.7r:*:*:*:*:*:*:*","matchCriteriaId":"AD266925-B677-4462-9BF6-0828FD5CBF41"},{"vulnerable":true,"criteria":"cpe:2.3:a:netwin:dmail:2.8e:*:*:*:*:*:*:*","matchCriteriaId":"A5BD3CC6-5E2C-4534-925E-B81D92F18A1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:netwin:dmail:2.8f:*:*:*:*:*:*:*","matchCriteriaId":"C25AB545-FCF5-42FB-801E-07DF0ADC4865"},{"vulnerable":true,"criteria":"cpe:2.3:a:netwin:dmail:2.8g:*:*:*:*:*:*:*","matchCriteriaId":"EF6F3B04-6DA7-42F8-8873-7625B93523ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:netwin:dmail:2.8h:*:*:*:*:*:*:*","matchCriteriaId":"F44C662D-58ED-41E0-8718-259321F9F9E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:netwin:dmail:2.8i:*:*:*:*:*:*:*","matchCriteriaId":"CEE745C7-C370-44FF-BAC4-EE93EE6AFC46"},{"vulnerable":true,"criteria":"cpe:2.3:a:netwin:surgeftp:1.0b:*:*:*:*:*:*:*","matchCriteriaId":"BE4FD50F-DDFA-40AD-BFCC-F606CEF450F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:netwin:surgeftp:2.0a:*:*:*:*:*:*:*","matchCriteriaId":"AC94C372-7536-4692-AEA7-B58B32E2A5F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:netwin:surgeftp:2.0b:*:*:*:*:*:*:*","matchCriteriaId":"59DB045D-91F6-4AFC-8331-F2155D38D5FE"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2001","CveId":"1355","Ordinal":"1","Title":"CVE-2001-1355","CVE":"CVE-2001-1355","Year":"2001"},"notes":[{"CveYear":"2001","CveId":"1355","Ordinal":"1","NoteData":"Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command.","Type":"Description","Title":"CVE-2001-1355"},{"CveYear":"2001","CveId":"1355","Ordinal":"2","NoteData":"2002-06-11","Type":"Other","Title":"Published"},{"CveYear":"2001","CveId":"1355","Ordinal":"3","NoteData":"2017-12-18","Type":"Other","Title":"Modified"}]}}}