CVE-1999-0911
published 1999-08-27CVE-1999-0911: Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested…
PriorityP352critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
38.05%
98.4th percentile
Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| proftpd_project | proftpd | — | — |
| proftpd_project | proftpd | — | — |
| proftpd_project | proftpd | — | — |
| proftpd_project | proftpd | — | — |
| proftpd_project | proftpd | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
GPL FTP MKD overflow attempt
suricata·2010-09-23
CVE-1999-0911 GPL FTP MKD overflow attempt
GPL FTP MKD overflow attempt
Rule: alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL FTP MKD overflow attempt"; flow:established,to_server; content:"MKD"; nocase; isdataat:100,relative; pcre:"/^MKD\s[^\n]{100}/smi"; reference:bugtraq,612; reference:bugtraq,7278; reference:bugtraq,9872; reference:cve,1999-0911; reference:nessus,12108; classtype:attempted-admin; sid:2101973; rev:12; metadata:created_at 2010_09_23, cve CVE_1999_0911, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Exploit-DB
ProFTPd 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (2)
exploitdb·1999-08-27
CVE-1999-0911 ProFTPd 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (2)
ProFTPd 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (2)
---
// source: https://www.securityfocus.com/bid/612/info
The vulnerability in 1.2pre1, 1.2pre3 and 1.2pre3 is a remotely exploitable buffer overflow, the result of a sprintf() in the log_xfer() routine in src/log.c.
The vulnerability in 1.2pre4 is a mkdir overflow. The name of the created path can not exceed 255 chars.
1.2pre6 limits the command buffer size to 512 characters in src/main.c and modifies the fix from 1.2pre4.
/*
* !!!! Private .. ... distribute !!!!
*
* proftpd-1.2.0 remote root exploit (beta2)
* (Still need some code, but it works fine)
*
* Offset: Linux Redhat 6.0
* 0 -> proftpd-1.2.0pre1
* 0 -> proftpd-1.2.0pre2
* 0 -> proftpd-1.2.0pre3
* (If this dont work, try changing the align)
*
* Usage:
* $ cc pro
Exploit-DB
ProFTPd 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (1)
exploitdb·1999-08-17
CVE-1999-0911 ProFTPd 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (1)
ProFTPd 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (1)
---
// source: https://www.securityfocus.com/bid/612/info
The vulnerability in 1.2pre1, 1.2pre3 and 1.2pre3 is a remotely exploitable buffer overflow, the result of a sprintf() in the log_xfer() routine in src/log.c.
The vulnerability in 1.2pre4 is a mkdir overflow. The name of the created path can not exceed 255 chars.
1.2pre6 limits the command buffer size to 512 characters in src/main.c and modifies the fix from 1.2pre4.
/*
* babcia padlina ltd. (poland, 17/08/99)
*
* your ultimate proftpd pre0-3 exploiting toolkit
*
* based on:
* - adm-wuftpd by duke
* - kombajn do czere�ni by Lam3rZ (thx for shellcode!)
*
* thx and greetz.
*/
#include
#include
#include
#include
#include
#include
#include
#include
#define MAXARGLEN
No writeups or analysis indexed.
1999-08-27
Published