ID CVE-1999-1345
Summary Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared directory with insecure permissions, which allows local users to (1) send arbitrary files to the remote server by placing them in the directory, and (2) view files that are being transferred.
References
Vulnerable Configurations
  • cpe:2.3:a:auto_ftp:auto_ftp:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:auto_ftp:auto_ftp:0.2:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 18-10-2016 - 02:03)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 19991005 Auto_FTP v0.02 Advisory
Last major update 18-10-2016 - 02:03
Published 05-10-1999 - 04:00
Last modified 18-10-2016 - 02:03
Back to Top