Vulnerabilities > CVE-1999-0368

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

washington-university

proftpd-project

critical

nessus

exploit available

NVD

Published: 1999-02-09

Updated: 2022-08-17

Summary

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

Vulnerable Configurations

Part	Description	Count
Application	Washington_University Washington University WU Ftpd 2.4.2_Beta18_Vr9 Washington University WU Ftpd 2.4.2_Beta18	2
Application	Proftpd_Project Proftpd Project Proftpd 1.2_Pre1	1
OS	Sco SCO Openserver 5.0 SCO Openserver 5.0.2 SCO Openserver 5.0.5 SCO Openserver 5.0.3 SCO Openserver 5.0.4 SCO Unixware 7.0 SCO Unixware 7.0.1	7
OS	Slackware Slackware Slackware Linux 3.5 Slackware Slackware Linux 3.4 Slackware Slackware Linux 3.6	3
OS	Redhat Redhat Linux 5.1 Redhat Linux 5.0	2
OS	Debian Debian Debian Linux 2.0	1
OS	Caldera Caldera Openlinux 1.3	1

Exploit-Db

description	wu-ftpd 2.4.2,SCO Open Server 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (1). CVE-1999-0368. Remote exploit for linux platform
id	EDB-ID:19086
last seen	2016-02-02
modified	1999-02-09
published	1999-02-09
reporter	smiler and cossack
source	https://www.exploit-db.com/download/19086/
title	wu-ftpd 2.4.2 & SCO Open Server <= 5.0.5 & ProFTPD 1.2 pre1 - realpath Vulnerability 1

description	wu-ftpd 2.4.2,SCO Open Server 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (2). CVE-1999-0368. Remote exploit for linux platform
id	EDB-ID:19087
last seen	2016-02-02
modified	1999-02-09
published	1999-02-09
reporter	jamez and c0nd0r
source	https://www.exploit-db.com/download/19087/
title	wu-ftpd 2.4.2 & SCO Open Server <= 5.0.5 & ProFTPD 1.2 pre1 - realpath Vulnerability 2

Nessus

NASL family	FTP
NASL id	PROFTPD_PRE10.NASL
description	The remote ProFTPd server is running a 1.2.0preN version. All the 1.2.0preN versions contain several security flaws that allow an attacker to execute arbitrary code on this host.
last seen	2020-06-01
modified	2020-06-02
plugin id	10464
published	2000-07-15
reporter	This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/10464
title	ProFTPD Multiple Remote Overflows (palmetto)

NASL family	FTP
NASL id	WU_FTPD_OVERFLOW.NASL
description	It was possible to make the remote FTP server crash by creating a huge directory structure. This is usually called the
last seen	2020-06-01
modified	2020-06-02
plugin id	10318
published	1999-08-31
reporter	This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/10318
title	WU-FTPD Multiple Vulnerabilities (OF, Priv Esc)

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0368

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.