CVE-1999-0997
Published Dec 20, 1999
Last updated 16 years ago
Overview
- Description
- wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Vendor comments
- Red HatRed Hat does not consider CVE-1999-0997 to be a security vulnerability. The wu-ftpd process chroots itself into the target ftp directory and will only run external commands as the user logged into the ftp server. Because the process chroots itself, an attacker needs a valid login with write access to the ftp server, and even then they could only potentially execute commands as themselves.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:millenux_gmbh:anonftp:2.8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54BD613B-52C9-4F57-B1B3-C7E38F829F91"
},
{
"criteria": "cpe:2.3:a:university_of_washington:wu-ftpd:2.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82A23988-1494-4BFD-908A-78FE2BC7C33B"
},
{
"criteria": "cpe:2.3:a:university_of_washington:wu-ftpd:2.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54D2322D-BBA4-4C36-81EC-E37FE8C87689"
},
{
"criteria": "cpe:2.3:a:university_of_washington:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "688CB1B7-D36C-4DA2-A261-07B23FCE1230"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:linux:5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8EED385-8C39-4A40-A507-2EFE7652FB35"
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2DFA94D5-0139-490C-8257-0751FE9FBAE4"
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2EC4D3AB-38FA-4D44-AF5C-2DCD15994E76"
}
],
"operator": "OR"
}
]
}
]