Vulnerability Name:
CVE-1999-0035 (CCN-449)
Assigned:
1997-05-01
Published:
1997-05-01
Updated:
2022-08-17
Summary:
Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.
CVSS v3 Severity:
5.6 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
Low
Availibility (A):
Low
CVSS v2 Severity:
5.1 Medium
(CVSS v2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
High
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
5.1 Medium
(CCN CVSS v2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
High
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
File Manipulation
References:
Source: CCN
Type: AusCERT Advisory AA-97.03
ftpd Signal Handling Vulnerability
Source: CCN
Type: SGI Security Advisory 19970801-01-PX
IRIX ftpd Signal Handling Vulnerability
Source: MITRE
Type: CNA
CVE-1999-0035
Source: CCN
Type: CERT Advisory CA-1997-16
ftpd Signal Handling Vulnerability
Source: CCN
Type: OSVDB ID: 11733
Multiple Vendor ftpd Signal Handling Race Arbitrary File Modification
Source: XF
Type: UNKNOWN
ftp-ftpd(449)
Source: MISC
Type: UNKNOWN
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0035
Vulnerable Configuration:
Configuration 1
:
cpe:/a:gnu:inet:5.01:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:*:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*
AND
cpe:/o:ibm:aix:3.2:*:*:*:*:*:*:*
OR
cpe:/o:ibm:aix:4.1:*:*:*:*:*:*:*
OR
cpe:/o:ibm:aix:4.2:*:*:*:*:*:*:*
OR
cpe:/o:windriver:bsdos:2.1:*:*:*:*:*:*:*
OR
cpe:/o:freebsd:freebsd:2.1.0:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:10.00:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:10.09:*:*:*:*:*:*:*
OR
cpe:/o:redhat:linux:4.0:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:10.01:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:10.10:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:10.30:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:10.16:*:*:*:*:*:*:*
OR
cpe:/o:openbsd:openbsd:2.0:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:9.01:*:*:*:*:*:*:*
OR
cpe:/o:freebsd:freebsd:2.1.7.1:*:*:*:*:*:*:*
OR
cpe:/o:freebsd:freebsd:2.1.5:*:*:*:*:*:*:*
OR
cpe:/o:freebsd:freebsd:2.1.6:*:*:*:*:*:*:*
OR
cpe:/o:freebsd:freebsd:2.1.7:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:10.24:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:10.26:*:*:*:*:*:*:*
OR
cpe:/o:freebsd:freebsd:2.1.6.1:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:10.02:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:10.03:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:10.08:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:10.34:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:9.00:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:9.03:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:9.04:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:9.05:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:9.06:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:9.07:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:9.08:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:9.09:*:*:*:*:*:*:*
OR
cpe:/o:hp:hp-ux:9.10:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
gnu
inet 5.01
sgi
irix *
hp
hp-ux 10.20
ibm
aix 3.2
ibm
aix 4.1
ibm
aix 4.2
windriver
bsdos 2.1
freebsd
freebsd 2.1.0
hp
hp-ux 10.00
hp
hp-ux 10.09
redhat
linux 4.0
hp
hp-ux 10.01
hp
hp-ux 10.10
hp
hp-ux 10.30
hp
hp-ux 10.16
openbsd
openbsd 2.0
hp
hp-ux 9.01
freebsd
freebsd 2.1.7.1
freebsd
freebsd 2.1.5
freebsd
freebsd 2.1.6
freebsd
freebsd 2.1.7
hp
hp-ux 10.24
hp
hp-ux 10.26
freebsd
freebsd 2.1.6.1
hp
hp-ux 10.02
hp
hp-ux 10.03
hp
hp-ux 10.08
hp
hp-ux 10.34
hp
hp-ux 9.00
hp
hp-ux 9.03
hp
hp-ux 9.04
hp
hp-ux 9.05
hp
hp-ux 9.06
hp
hp-ux 9.07
hp
hp-ux 9.08
hp
hp-ux 9.09
hp
hp-ux 9.10
Denotes that component is vulnerable