CVE-1999-0878

Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/599
http://www.securityfocus.com/bid/599

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:beroftpd:beroftpd:1.3.2:::::::*
	cpe:2.3:a:beroftpd:beroftpd:1.3.3:::::::*
	cpe:2.3:a:beroftpd:beroftpd:1.3.4:::::::*
	cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:::::::*
	cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:::::::*
	cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:::::::*
	cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:::::::*
	cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:::::::*
	cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:::::::*
	cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:::::::*
	cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:::::::*
	cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:::::::*
	cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:::::::*
	cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:::::::*
	cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:::::::*
	cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:::::::*
	cpe:2.3:a:washington_university:wu-ftpd:2.5:::::::*

History

No history.

Information

Published : 1999-08-22 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-1999-0878

Mitre link : CVE-1999-0878

CVE.ORG link : CVE-1999-0878

JSON object : View

Products Affected

washington_university

wu-ftpd

beroftpd

beroftpd

CWE

NVD-CWE-Other

{"id": "CVE-1999-0878", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "1999-08-22T04:00:00.000", "references": [{"url": "http://www.securityfocus.com/bid/599", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/599", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:beroftpd:beroftpd:1.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "602F3F84-3DA1-4ABE-8E47-F7B54169922E"}, {"criteria": "cpe:2.3:a:beroftpd:beroftpd:1.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "514C8A8E-E4B0-4135-B240-379D25148AFA"}, {"criteria": "cpe:2.3:a:beroftpd:beroftpd:1.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7810EC3A-70AD-4ECB-A7EF-2CC5F527D696"}, {"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B39D46C4-B153-4301-AE9C-57FB6BA64CD9"}, {"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E55582DD-DEF7-4BF8-950C-E7E58BD29DE5"}, {"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF9B9132-19A1-4242-A129-E5A49F466EA2"}, {"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A096214-84AD-44F5-BBEF-F9F17B9B0C43"}, {"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4989799F-143A-45E5-A30C-9E3203649770"}, {"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E3D0CC6-D1A0-4784-BE93-319C7EE59134"}, {"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FA32489-F098-43D2-80B7-89CFE0BE9A3A"}, {"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91C6388E-464B-4562-BC7B-7B4A66387B30"}, {"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "923B5711-853D-4A77-8FB3-D5C3D449518D"}, {"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BB1B136-F90E-426B-8010-F2D059E89DBE"}, {"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD9EFCD7-2A13-420E-B6A0-C1248B2E6E2F"}, {"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "573486C8-0349-4BC9-AD7D-3FBF93DDB6AF"}, {"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAD81A30-9C35-4EEA-B6FE-A4AC76893AC6"}, {"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AFFA39F-9072-4F19-A695-F383EA61D55D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}