Vulnerability Name:

CVE-1999-0997 (CCN-3952)

Assigned:1999-12-20
Published:1999-12-20
Updated:2008-09-05
Summary:wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
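Worked illustration of the mechanism in the summary (an added example, not code from wu-ftpd or from any of the advisories below): the conversion feature substitutes the client-supplied file name into a command template such as tar's, so a name that begins with "-" reaches the conversion program as an option rather than a file, and a name containing whitespace becomes several argv words. The ftpconversions entry below is constructed in the colon-separated layout that file uses (strip prefix, strip postfix, add-on prefix, add-on postfix, external command, types, options, description); the tar option used in the demonstration is chosen here to show why an option-shaped name matters and is not taken from the page. The hardened builder is this editor's suggestion for the pattern, not the fix the vendors shipped.

```python
# Constructed ftpconversions entry for illustration; not copied from any
# shipped configuration. The eight colon-separated fields follow the layout
# wu-ftpd's ftpconversions file uses, and %s is replaced by the requested name.
CONVERSION_LINE = " : : :.tar:/bin/tar -c -f - %s:T_REG|T_DIR:O_TAR:TAR"

FIELDS = ("strip_prefix", "strip_postfix", "add_prefix", "add_postfix",
          "command", "types", "options", "description")


def parse_conversion(line):
    """Split one ftpconversions entry into its eight named fields."""
    parts = [p.strip() for p in line.split(":")]
    if len(parts) != len(FIELDS):
        raise ValueError("malformed ftpconversions entry: %r" % line)
    return dict(zip(FIELDS, parts))


def base_name(conv, requested):
    """Undo the add-on postfix: a RETR of 'pub.tar' means 'convert pub'."""
    postfix = conv["add_postfix"]
    if not postfix or not requested.endswith(postfix):
        raise ValueError("name does not end with %r" % postfix)
    return requested[: -len(postfix)]


def build_argv_vulnerable(conv, requested):
    """Weak pattern: paste the client-chosen name into the command string,
    then split on whitespace. A name starting with '-' is parsed by tar as an
    option, and a name containing spaces turns into extra argv words."""
    cmdline = conv["command"].replace("%s", base_name(conv, requested))
    return cmdline.split()


def build_argv_hardened(conv, requested):
    """Hardened pattern (editor's suggestion): split the template first,
    refuse names that look like options, substitute the name as exactly one
    argv element, and precede it with '--' so tar stops option parsing even
    if a later change weakens the check."""
    name = base_name(conv, requested)
    if name.startswith("-"):
        raise ValueError("refusing name that would be parsed as an option: %r" % name)
    argv = []
    for token in conv["command"].split():
        if token == "%s":
            argv.extend(["--", name])
        else:
            argv.append(token)
    return argv


def injected_options(conv, argv):
    """Option-shaped argv words that did not come from the configured
    template, i.e. the ones the client smuggled in. The lone '-' (stdout)
    and the '--' terminator are not counted."""
    template = set(conv["command"].split())
    return [a for a in argv[1:]
            if a.startswith("-") and a != "--" and a not in template]


if __name__ == "__main__":
    conv = parse_conversion(CONVERSION_LINE)
    # Requested names are constructed for the demonstration.
    for req in ("pub.tar", "--use-compress-program=/tmp/x.tar", "a b.tar"):
        weak = build_argv_vulnerable(conv, req)
        print("request %-36r vulnerable argv: %r smuggled: %r"
              % (req, weak, injected_options(conv, weak)))
        try:
            print("%-44s hardened argv:   %r" % ("", build_argv_hardened(conv, req)))
        except ValueError as err:
            print("%-44s hardened:        rejected (%s)" % ("", err))
```

The check in the hardened builder and the "--" terminator are independent defences: the check keeps option-shaped names out of argv entirely, and the terminator makes tar treat whatever follows as a member name regardless. Token-wise substitution is what keeps a name with spaces as a single argument.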
References:Source: CCN
Type: BugTraq Mailing List, Sun Dec 19 1999 - 19:53:13 CST
Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd)

Source: MITRE
Type: CNA
CVE-1999-0997

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2003:748
wu-ftpd

Source: DEBIAN
Type: UNKNOWN
DSA-377

Source: DEBIAN
Type: DSA-377
wu-ftpd -- insecure program execution

Source: CCN
Type: OSVDB ID: 1736
WU-FTPD FTP Conversion Malformed File Name Handling Arbitrary Command Execution

Source: CCN
Type: BID-2240
Multiple Vendor FTP Conversion Vulnerability

Source: CCN
Type: slackware-security Mailing List, Tue, 23 Sep 2003 23:07:06 -0700 (PDT)
WU-FTPD Security Advisory (SSA:2003-259-03)

Source: XF
Type: UNKNOWN
wuftp-ftp-conversion(3952)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:millenux_gmbh:anonftp:2.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:wu-ftpd:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:wu-ftpd:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:wu-ftpd:2.6.0:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:redhat:linux:5.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.1:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:washington_university:wu-ftpd:*:*:*:*:*:*:*:*
  • AND
  • cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.debian:def:377 | V | insecure program execution | 2003-09-04