Vulnerabilities > CVE-1999-0256

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

jgaa

microsoft

nessus

exploit available

metasploit

NVD

Published: 1998-02-01

Updated: 2008-09-09

Summary

Buffer overflow in War FTP allows remote execution of commands.

Vulnerable Configurations

Part	Description	Count
Application	Jgaa Jgaa Warftpd 1.8.2	2
OS	Microsoft Microsoft Windows 95 * Microsoft Windows NT *	2

Exploit-Db

description	War-FTPD 1.65 Username Overflow. CVE-1999-0256. Remote exploit for windows platform
id	EDB-ID:16724
last seen	2016-02-02
modified	2010-07-03
published	2010-07-03
reporter	metasploit
source	https://www.exploit-db.com/download/16724/
title	War-FTPD 1.65 - Username Overflow

description	War-FTPD 1.65 Password Overflow. CVE-1999-0256. Remote exploit for windows platform
id	EDB-ID:16706
last seen	2016-02-02
modified	2010-07-03
published	2010-07-03
reporter	metasploit
source	https://www.exploit-db.com/download/16706/
title	War-FTPD 1.65 Password Overflow

Metasploit

description	This exploits the buffer overflow found in the PASS command in War-FTPD 1.65. This particular module will only work reliably against Windows 2000 targets. The server must be configured to allow anonymous logins for this exploit to succeed. A failed attempt will bring down the service completely.
id	MSF:EXPLOIT/WINDOWS/FTP/WARFTPD_165_PASS
last seen	2019-12-29
modified	2017-07-24
published	2006-12-13
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0256
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/ftp/warftpd_165_pass.rb
title	War-FTPD 1.65 Password Overflow

description	This module exploits a buffer overflow found in the USER command of War-FTPD 1.65.
id	MSF:EXPLOIT/WINDOWS/FTP/WARFTPD_165_USER
last seen	2020-04-11
modified	2017-07-24
published	2005-11-26
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0256
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/ftp/warftpd_165_user.rb
title	War-FTPD 1.65 Username Overflow

Nessus

NASL family	FTP
NASL id	DDI_WARFTPD_USER_OVERFLOW.NASL
description	The version of War FTP Daemon running on this host contains a buffer overflow in the code that handles the USER and PASS commands. A potential intruder could use this vulnerability to crash the server, as well as run arbitrary commands on the system.
last seen	2020-06-01
modified	2020-06-02
plugin id	11207
published	2003-01-22
reporter	This script is Copyright (C) 2003-2015 Digital Defense, Inc.
source	https://www.tenable.com/plugins/nessus/11207
title	WarFTPd USER/PASS Command Remote Overflow
code	# # This script was written by Erik Tayler <[email protected]> # # See the Nessus Scripts License for details # # Changes by Tenable: # - Revised plugin title (2/04/2009) include("compat.inc"); if(description) { script_id(11207); script_version("1.18"); script_cve_id("CVE-1999-0256"); script_bugtraq_id(10078); script_name(english:"WarFTPd USER/PASS Command Remote Overflow"); script_summary(english:"War FTP Daemon USER/PASS Overflow"); script_set_attribute(attribute:"synopsis", value: "Arbitrary code can be run on the remote FTP server." ); script_set_attribute(attribute:"description", value: "The version of War FTP Daemon running on this host contains a buffer overflow in the code that handles the USER and PASS commands. A potential intruder could use this vulnerability to crash the server, as well as run arbitrary commands on the system." ); script_set_attribute(attribute:"solution", value: "Upgrade to WarFTPd version 1.66x4 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'War-FTPD 1.65 Username Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "2003/01/22"); script_set_attribute(attribute:"vuln_publication_date", value: "1998/03/19"); script_cvs_date("Date: 2018/06/27 18:42:25"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2003-2015 Digital Defense, Inc."); script_family(english:"FTP"); script_dependencies("ftpserver_detect_type_nd_version.nasl"); script_require_ports("Services/ftp", 21); exit(0); } include("ftp_func.inc"); port = get_ftp_port(default: 21); r = get_ftp_banner(port:port); if (!r) exit(1); if(egrep(pattern:"WAR-FTPD 1.([0-5][0-9]\|6[0-5])[^0-9]*Ready",string:r, icase:TRUE)) { security_hole(port); }

Packetstorm

data source	https://packetstormsecurity.com/files/download/83063/warftpd_165_pass.rb.txt
id	PACKETSTORM:83063
last seen	2016-12-05
published	2009-11-26
reporter	H D Moore
source	https://packetstormsecurity.com/files/83063/War-FTPD-1.65-Password-Overflow.html
title	War-FTPD 1.65 Password Overflow

data source	https://packetstormsecurity.com/files/download/82932/warftpd_165_user.rb.txt
id	PACKETSTORM:82932
last seen	2016-12-05
published	2009-10-30
reporter	riaf
source	https://packetstormsecurity.com/files/82932/War-FTPD-1.65-Username-Overflow.html
title	War-FTPD 1.65 Username Overflow

References

http://www.osvdb.org/875

Vulnerabilities > CVE-1999-0256 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-1999-0256"}]}

Summary

Vulnerable Configurations

Exploit-Db

Metasploit

Nessus

Packetstorm

References

Vulnerabilities > CVE-1999-0256