Detections
Analytics

WU-FTPD SITE EXEC Arbitrary Local Command Execution

high Nessus Plugin ID 10090

Synopsis

The remote FTP server is affected by a command execution vulnerability.

Description

The remote host is running a version of WU-FTPD that is affected by a command execution vulnerability. It is possible to execute arbitrary command son the remote host using the 'site exec' FTP problem.

Solution

Upgrade to WU-FTPD 2.4 or later.

See Also

https://seclists.org/bugtraq/1995/Jul/0

Plugin Details

Severity: High

ID: 10090

File Name: ftp_site_exec.nasl

Version: 1.50

Type: remote

Family: FTP

Published: 6/22/1999

Updated: 6/12/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-1999-0080

CVSS v3

Risk Factor: High

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

Required KB Items: ftp/login

Excluded KB Items: global_settings/supplied_logins_only

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 3/1/1993

Reference Information

CVE: CVE-1999-0080, CVE-1999-0955

BID: 2241