CVE-1999-0950
published 1999-10-28CVE-1999-0950: Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
PriorityP345critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
8.12%
94.1th percentile
Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| texas_imperial_software | wftpd | — | — |
| texas_imperial_software | wftpd | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
WFTPD 2.34/2.40/3.0 - Remote Buffer Overflow
exploitdb·1999-11-04
CVE-1999-0950 WFTPD 2.34/2.40/3.0 - Remote Buffer Overflow
WFTPD 2.34/2.40/3.0 - Remote Buffer Overflow
---
source: https://www.securityfocus.com/bid/747/info
WFTPD is reported prone to a remote buffer overflow vulnerability. The issue exists due to a lack of sufficient bounds checking performed on MKD and CWD arguments. It is reported that superfluous data passed to MKD first and then to CWD results in the overflow.
This vulnerability may be exploited by a remote authenticate attacker to execute arbitrary code in the context of the affected service.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19570.tgz
Exploit-DB
WFTPD 2.34/2.40/3.0 - Remote Buffer Overflow (PoC)
exploitdb·1999-10-28
CVE-1999-0950 WFTPD 2.34/2.40/3.0 - Remote Buffer Overflow (PoC)
WFTPD 2.34/2.40/3.0 - Remote Buffer Overflow (PoC)
---
source: https://www.securityfocus.com/bid/747/info
WFTPD is reported prone to a remote buffer overflow vulnerability. The issue exists due to a lack of sufficient bounds checking performed on MKD and CWD arguments. It is reported that superfluous data passed to MKD first and then to CWD results in the overflow.
This vulnerability may be exploited by a remote authenticate attacker to execute arbitrary code in the context of the affected service.
#!/usr/bin/perl
#####################################################################
# Based upon advisories by USSR (www.ussrback.com) #
# #
# Demonstration script to remotely overflow various server buffers, #
# resulting in a denial of service, for TESTING purposes only. #
# Runs on *n
No writeups or analysis indexed.
1999-10-28
Published