csaf_microsoft - msrc

msrc_cve-1999-1090

Vulnerability from csaf_microsoft

Published

2002-03-02 00:00

Modified

2025-10-01 23:10

Summary

The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files.

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-1999-1090 The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an \"ftp=yes\" line, which allows remote attackers to read and modify arbitrary files. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2002/msrc_cve-1999-1090.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an \"ftp=yes\" line, which allows remote attackers to read and modify arbitrary files.",
    "tracking": {
      "current_release_date": "2025-10-01T23:10:49.000Z",
      "generator": {
        "date": "2025-10-19T16:22:21.918Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-1999-1090",
      "initial_release_date": "2002-03-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-10-01T23:10:49.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 telnet 0.17-81",
                "product": {
                  "name": "\u003ccbl2 telnet 0.17-81",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 telnet 0.17-81",
                "product": {
                  "name": "cbl2 telnet 0.17-81",
                  "product_id": "19250"
                }
              }
            ],
            "category": "product_name",
            "name": "telnet"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 telnet 0.17-81 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 telnet 0.17-81 as a component of CBL Mariner 2.0",
          "product_id": "19250-17086"
        },
        "product_reference": "19250",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-1999-1090",
      "notes": [
        {
          "category": "general",
          "text": "mitre",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "19250-17086"
        ],
        "known_affected": [
          "17086-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-1999-1090 The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an \"ftp=yes\" line, which allows remote attackers to read and modify arbitrary files. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2002/msrc_cve-1999-1090.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-01T23:10:49.000Z",
          "details": "0.17-81:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "title": "The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an \"ftp=yes\" line, which allows remote attackers to read and modify arbitrary files."
    }
  ]
}

CVE-1999-1090 (GCVE-0-1999-1090)

Vulnerability from cvelistv5

Published

2002-03-09 05:00

Modified

2024-08-01 17:02

Severity ?

CWE

Summary

The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files.

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/1844	vdb-entry, x_refsource_XF
	http://www.cert.org/advisories/CA-1991-15.html	third-party-advisory, x_refsource_CERT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website