CVE-1999-0955
published 1997-09-23CVE-1999-0955: Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command.
PriorityP427high7.6CVSS 2.0
AVNACHAuNCCICAC
EPSS
2.52%
82.9th percentile
Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| washington_university | wu-ftpd | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
University of Washington wu-ftpd 2.4.1 site exec Command privileges management (Nessus ID 10090 / ID 27157)
vuldb·2026-04-17·CVSS 7.6
CVE-1999-0955 [HIGH] University of Washington wu-ftpd 2.4.1 site exec Command privileges management (Nessus ID 10090 / ID 27157)
A vulnerability classified as critical has been found in University of Washington wu-ftpd 2.4.1. This issue affects some unknown processing of the component site exec Command. The manipulation leads to improper privilege management.
This vulnerability is referenced as CVE-1999-0955. Remote exploitation of the attack is possible. No exploit is available.
It is recommended to upgrade the affected component.
GHSA
GHSA-qhr5-9grc-ch8q: Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command
ghsa_unreviewed·2022-04-30
CVE-1999-0955 [HIGH] GHSA-qhr5-9grc-ch8q: Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command
Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command.
Suricata
GPL FTP SITE EXEC attempt
suricata·2010-09-23
CVE-1999-0080 GPL FTP SITE EXEC attempt
GPL FTP SITE EXEC attempt
Rule: alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL FTP SITE EXEC attempt"; flow:established,to_server; content:"SITE"; nocase; content:"EXEC"; distance:0; nocase; pcre:"/^SITE\s+EXEC/smi"; reference:arachnids,317; reference:bugtraq,2241; reference:cve,1999-0080; reference:cve,1999-0955; classtype:bad-unknown; sid:2100361; rev:18; metadata:created_at 2010_09_23, cve CVE_1999_0080, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
No public exploits indexed.
No writeups or analysis indexed.
1997-09-23
Published