ID CVE-1999-0997
Summary wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.
References
Vulnerable Configurations
  • cpe:2.3:a:millenux_gmbh:anonftp:2.8.1
  • cpe:2.3:a:university_of_washington:wu-ftpd:2.4.2
  • cpe:2.3:a:university_of_washington:wu-ftpd:2.5.0
  • cpe:2.3:a:university_of_washington:wu-ftpd:2.6.0
  • Red Hat Linux 5.2
    cpe:2.3:o:redhat:linux:5.2
  • Red Hat Linux 6.0
    cpe:2.3:o:redhat:linux:6.0
  • Red Hat Linux 6.1
    cpe:2.3:o:redhat:linux:6.1
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality PARTIAL
Integrity PARTIAL
Availability PARTIAL
exploit-db via4
description wu-ftpd 2.4.2/2.5.0/2.6.0/2.6.1/2.6.2 FTP Conversion Vulnerability. CVE-1999-0997. Remote exploit for unix platform
id EDB-ID:20563
last seen 2016-02-02
modified 1999-12-20
published 1999-12-20
reporter suid
source https://www.exploit-db.com/download/20563/
title wu-ftpd 2.4.2/2.5.0/2.6.0/2.6.1/2.6.2 - FTP Conversion Vulnerability
nessus via4
NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-377.NASL
description wu-ftpd, an FTP server, implements a feature whereby multiple files can be fetched in the form of a dynamically constructed archive file, such as a tar archive. The names of the files to be included are passed as command line arguments to tar, without protection against them being interpreted as command-line options. GNU tar supports several command line options which can be abused, by means of this vulnerability, to execute arbitrary programs with the privileges of the wu-ftpd process. Georgi Guninski pointed out that this vulnerability exists in Debian woody.
last seen 2019-02-21
modified 2018-07-20
plugin id 15214
published 2004-09-29
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=15214
title Debian DSA-377-1 : wu-ftpd - insecure program execution
refmap via4
bugtraq 19991220 Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd)
debian DSA-377
xf wuftp-ftp-conversion
statements via4
contributor Joshua Bressers
lastmodified 2006-09-27
organization Red Hat
statement Red Hat does not consider CVE-1999-0997 to be a security vulnerability. The wu-ftpd process chroots itself into the target ftp directory and will only run external commands as the user logged into the ftp server. Because the process chroots itself, an attacker needs a valid login with write access to the ftp server, and even then they could only potentially execute commands as themselves.
Last major update 05-09-2008 - 16:18
Published 20-12-1999 - 00:00