Vulnerability Name:

CVE-1999-0878 (CCN-3158)

Assigned:1999-08-22
Published:1999-08-22
Updated:2008-09-09
Summary:Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-1999-027.0
buffer overflow in wu-ftpd-2.5

Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-99:03
Three ftp daemons in ports vulnerable to attack.

Source: CCN
Type: AusCERT Advisory AA-99.01
wu-ftpd/BeroFTPD MAPPING_CHDIR Vulnerability

Source: CCN
Type: BugTraq Mailing List, Thu, 26 Aug 1999 13:43:07 -0400
WU-FTPD Security Update

Source: MITRE
Type: CNA
CVE-1999-0878

Source: CCN
Type: RHSA-1999:031-01
Another buffer overflow in wu-ftpd is fixed

Source: CCN
Type: RHSA-1999:043-01
Security problems in WU-FTPD

Source: CCN
Type: CERT Advisory CA-1999-13
Multiple Vulnerabilities in WU-FTPD

Source: CCN
Type: CIAC Information Bulletin J-065
Wu-ftpd Vulnerability

Source: BID
Type: UNKNOWN
599

Source: CCN
Type: BID-599
Multiple Vendor Wu-Ftpd Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
wu-ftpd-dir-name(3158)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:beroftpd:beroftpd:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:beroftpd:beroftpd:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:beroftpd:beroftpd:1.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.5:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:washington_university:wu-ftpd:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*
  • OR cpe:/a:beroftpd:beroftpd:1.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:beroftpd:beroftpd:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:beroftpd:beroftpd:1.3.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    beroftpd beroftpd 1.3.2
    beroftpd beroftpd 1.3.3
    beroftpd beroftpd 1.3.4
    washington_university wu-ftpd 2.4.2_beta18_vr4
    washington_university wu-ftpd 2.4.2_beta18_vr5
    washington_university wu-ftpd 2.4.2_beta18_vr6
    washington_university wu-ftpd 2.4.2_beta18_vr8
    washington_university wu-ftpd 2.4.2_beta18_vr9
    washington_university wu-ftpd 2.4.2_beta18_vr10
    washington_university wu-ftpd 2.4.2_beta18_vr11
    washington_university wu-ftpd 2.4.2_beta18_vr12
    washington_university wu-ftpd 2.4.2_beta18_vr13
    washington_university wu-ftpd 2.4.2_beta18_vr14
    washington_university wu-ftpd 2.4.2_beta18_vr15
    washington_university wu-ftpd 2.4.2_vr16
    washington_university wu-ftpd 2.4.2_vr17
    washington_university wu-ftpd 2.5
    washington_university wu-ftpd 2.5
    washington_university wu-ftpd 2.4.2_vr17
    washington_university wu-ftpd 2.4.2_vr16
    washington_university wu-ftpd 2.4.2_beta18_vr9
    washington_university wu-ftpd 2.4.2_beta18_vr8
    washington_university wu-ftpd 2.4.2_beta18_vr6
    washington_university wu-ftpd 2.4.2_beta18_vr5
    washington_university wu-ftpd 2.4.2_beta18_vr4
    washington_university wu-ftpd 2.4.2_beta18_vr15
    washington_university wu-ftpd 2.4.2_beta18_vr14
    washington_university wu-ftpd 2.4.2_beta18_vr13
    washington_university wu-ftpd 2.4.2_beta18_vr12
    washington_university wu-ftpd 2.4.2_beta18_vr11
    washington_university wu-ftpd 2.4.2_beta18_vr10
    beroftpd beroftpd 1.3.4
    beroftpd beroftpd 1.3.3
    beroftpd beroftpd 1.3.2