Vulnerabilities > CVE-1999-1326 - Unspecified vulnerability in Washington University Wu-Ftpd 2.4
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | FTP |
NASL id | WU_FTPD_ABOR_PRIVILEDGE_ESCALATION.NASL |
description | The version of WU-FTPD running on the remote host contains a flaw that may allow a malicious user to gain access to unauthorized privileges. Specifically, there is a flaw in the way that the server handles an ABOR command after a data connection has been closed. The flaw is within the dologout() function and proper exploitation will give the remote attacker the ability to execute arbitrary code as the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14301 |
published | 2004-08-17 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14301 |
title | WU-FTPD ABOR Command Arbitrary File Access |