Vulnerabilities > CVE-1999-1326 - Unspecified vulnerability in Washington University Wu-Ftpd 2.4
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | FTP |
| NASL id | WU_FTPD_ABOR_PRIVILEDGE_ESCALATION.NASL |
| description | The version of WU-FTPD running on the remote host contains a flaw that may allow a malicious user to gain access to unauthorized privileges. Specifically, there is a flaw in the way that the server handles an ABOR command after a data connection has been closed. The flaw is within the dologout() function and proper exploitation will give the remote attacker the ability to execute arbitrary code as the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 14301 |
| published | 2004-08-17 |
| reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/14301 |
| title | WU-FTPD ABOR Command Arbitrary File Access |