CVE-1999-0997

Published: Dec 20, 1999Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.

Affected (7)

Products: Millenux Gmbh: Anonftp · University Of Washington: Wu Ftpd · Redhat: Linux

Millenux Gmbh

1 product

Anonftp

University Of Washington

1 product

Wu Ftpd

Redhat

1 product

Linux

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Millenux Gmbh Anonftp	Version 2.8.1
University Of Washington Wu Ftpd	Version 2.4.2
University Of Washington Wu Ftpd	Version 2.5.0
University Of Washington Wu Ftpd	Version 2.6.0

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Linux	Version 5.2
Redhat Linux	Version 6.0
Redhat Linux	Version 6.1

References (2)

http://www.debian.org/security/2003/dsa-377

Source: cve@mitre.org

http://www.debian.org/security/2003/dsa-377

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.