Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0368

6 documents, 5 sources
Severity: 10.0 CRITICAL
EPSS: 48.3% (top 2.26%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Feb 9
Latest update: Apr 30

Description

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (7 packages)

NVD: washington_university/wu-ftpd 2.4.2_beta18, 2.4.2_beta18_vr9 +1
NVD: redhat/linux 5.0, 5.1 +1
NVD: sco/unixware 7.0, 7.0.1 +1
NVD: sco/openserver 5 versions +4

Also affects: Debian Linux 2.0

🔴 Vulnerability Details (2)

GHSA: GHSA-pjq9-4mrj-pv4g: Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a (2022-04-30)
CVEList: CVE-1999-0368: Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a (1999-09-29)

💥 Exploits & PoCs (2)

Exploit-DB: WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Remote Buffer Overflow (1), 1999-02-09
Exploit-DB: WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Remote Buffer Overflow (2), 1999-02-09

🔍 Detection Rules (1)

Suricata: GPL FTP MKD overflow, 2010-09-23