Vulnerability Details

ID: CVE-1999-0880

HPI
MISC

Last Modified: Aug. 17, 2022

Open in new window

Description

Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly.

CVSS V2

Access Vector: Network

Access Complexity: Low

Authentication: None

Confidentiality Impact: None

Integrity Impact: None

Availability Impact: Partial

Base Score: 5.0

Exploitability Score: 10.0

Impact Score: 2.9

CVSS V2: AV:N/AC:L/Au:N/C:N/I:N/A:P

Specialize CVSS-Score

CWE-ID

NVD-CWE-Other

Snort-Rules

['alert tcp $EXTERNAL_NET any -> $HOME_NET 21 ( msg:"PROTOCOL-FTP SITE NEWER attempt"; flow:to_server,established; content:"SITE",nocase; content:"NEWER",distance 1,nocase; pcre:"/^SITE\\s+NEWER/ims"; metadata:ruleset community; service:ftp; reference:cve,1999-0880; reference:nessus,10319; classtype:attempted-dos; sid:1864; rev:13; )\n', '# alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"PROTOCOL-FTP SITE NEWER attempt"; flow:to_server,established; content:"SITE"; nocase; content:"NEWER"; distance:1; nocase; pcre:"/^SITE\\s+NEWER/smi"; metadata:ruleset community, service ftp; reference:cve,1999-0880; reference:nessus,10319; classtype:attempted-dos; sid:1864; rev:13;)\n']

Configuration

Condition		Configuration
OR
OR
	cpe:2.3:o:caldera:openlinux:1.0:::::::* Part: o Product: openlinux Vendor: caldera Version: 1.0	Alle Schwachstellen für caldera
	cpe:2.3:o:bsdi:bsd_os:3.0:::::::* Part: o Product: bsd_os Vendor: bsdi Version: 3.0	Alle Schwachstellen für bsdi
	cpe:2.3:o:bsdi:bsd_os:2.1:::::::* Part: o Product: bsd_os Vendor: bsdi Version: 2.1	Alle Schwachstellen für bsdi

Pre-Condition

                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="operating_system" value="cpe:2.3:o:caldera:openlinux:1.0:*:*:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:bsdi:bsd_os:3.0:*:*:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:bsdi:bsd_os:2.1:*:*:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

Post-Condition

                      <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="operating_system" value="cpe:2.3:o:caldera:openlinux:1.0:*:*:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:bsdi:bsd_os:3.0:*:*:*:*:*:*:*"/>
        <prop key="operating_system" value="cpe:2.3:o:bsdi:bsd_os:2.1:*:*:*:*:*:*:*"/>
    </set>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="range" value="remote"/>
</set>

HPI-VDB — Database for IT-Attack Analysis