| Vulnerability Name: | CVE-1999-1333 (CCN-7240) | ||||||||
| Assigned: | 1998-03-19 | ||||||||
| Published: | 1998-03-19 | ||||||||
| Updated: | 2016-10-18 | ||||||||
| Summary: | automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Thu, 19 Mar 1998 18:49:46 +0100 ncftp 2.4.2 MkDirs bug Source: MITRE Type: CNA CVE-1999-1333 Source: BUGTRAQ Type: UNKNOWN 19980319 ncftp 2.4.2 MkDirs bug Source: XF Type: UNKNOWN ncftp-autodownload-command-execution(7240) Source: OSVDB Type: UNKNOWN 6111 Source: CCN Type: OSVDB ID: 6111 NcFTP Shell Metacharacter Command Execution Source: CCN Type: Red Hat Linux 5.0 General Errata ncftp Source: CONFIRM Type: UNKNOWN http://www.redhat.com/support/errata/rh50-errata-general.html#ncftp Source: XF Type: UNKNOWN ncftp-autodownload-command-execution(7240) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||