Summary
The remote FTP server does not properly sanitize the argument of the SITE EXEC command.
It may be possible for a remote attacker
to gain root access.
Solution
Upgrade your wu-ftpd server (<= 2.6.0 are vulnerable) or disable any access from untrusted users (especially anonymous).
Severity
Classification
-
CVE CVE-1999-0997, CVE-2000-0573 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
- GNU Bash Environment Variable Handling Shell Remote Command Execution Vulnerability (FTP Check)
- ProFTPD Server SQL Injection Vulnerability
- FileCopa FTP Server Directory Traversal Vulnerability
- FreeBSD and OpenBSD 'ftpd' NULL Pointer Dereference Denial Of Service Vulnerability