Vulnerabilities > CVE-1999-0256
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in War FTP allows remote execution of commands.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 | |
OS | 2 |
Exploit-Db
description War-FTPD 1.65 Username Overflow. CVE-1999-0256. Remote exploit for windows platform id EDB-ID:16724 last seen 2016-02-02 modified 2010-07-03 published 2010-07-03 reporter metasploit source https://www.exploit-db.com/download/16724/ title War-FTPD 1.65 - Username Overflow description War-FTPD 1.65 Password Overflow. CVE-1999-0256. Remote exploit for windows platform id EDB-ID:16706 last seen 2016-02-02 modified 2010-07-03 published 2010-07-03 reporter metasploit source https://www.exploit-db.com/download/16706/ title War-FTPD 1.65 Password Overflow
Metasploit
description This exploits the buffer overflow found in the PASS command in War-FTPD 1.65. This particular module will only work reliably against Windows 2000 targets. The server must be configured to allow anonymous logins for this exploit to succeed. A failed attempt will bring down the service completely. id MSF:EXPLOIT/WINDOWS/FTP/WARFTPD_165_PASS last seen 2019-12-29 modified 2017-07-24 published 2006-12-13 references https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0256 reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/ftp/warftpd_165_pass.rb title War-FTPD 1.65 Password Overflow description This module exploits a buffer overflow found in the USER command of War-FTPD 1.65. id MSF:EXPLOIT/WINDOWS/FTP/WARFTPD_165_USER last seen 2020-04-11 modified 2017-07-24 published 2005-11-26 references https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0256 reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/ftp/warftpd_165_user.rb title War-FTPD 1.65 Username Overflow
Nessus
NASL family | FTP |
NASL id | DDI_WARFTPD_USER_OVERFLOW.NASL |
description | The version of War FTP Daemon running on this host contains a buffer overflow in the code that handles the USER and PASS commands. A potential intruder could use this vulnerability to crash the server, as well as run arbitrary commands on the system. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11207 |
published | 2003-01-22 |
reporter | This script is Copyright (C) 2003-2015 Digital Defense, Inc. |
source | https://www.tenable.com/plugins/nessus/11207 |
title | WarFTPd USER/PASS Command Remote Overflow |
code |
|
Packetstorm
data source https://packetstormsecurity.com/files/download/83063/warftpd_165_pass.rb.txt id PACKETSTORM:83063 last seen 2016-12-05 published 2009-11-26 reporter H D Moore source https://packetstormsecurity.com/files/83063/War-FTPD-1.65-Password-Overflow.html title War-FTPD 1.65 Password Overflow data source https://packetstormsecurity.com/files/download/82932/warftpd_165_user.rb.txt id PACKETSTORM:82932 last seen 2016-12-05 published 2009-10-30 reporter riaf source https://packetstormsecurity.com/files/82932/War-FTPD-1.65-Username-Overflow.html title War-FTPD 1.65 Username Overflow