Details of VAR-199712-0008

ID

VAR-199712-0008

CVE

CVE-1999-0017

TITLE

FTP Security hole

Trust: 0.6

sources: CNNVD: CNNVD-199712-006

DESCRIPTION

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. This problem is a design issue with the common implementation of the FTP protocol. In essence, the vulnerability is as follows: when a user FTP's into a host to retrieve files, the connection is two way (i.e. when you log in and request a file, the server then opens a connection back to your host of origin to deliver your requested data). Most FTP servers support what is called 'active mode' which allows users to specify a number of parameters to the FTP daemon. One of these is the PORT command, which lets you specify *where* you would like the return data connection to be sent. Therefore, instead of opening a connection back to yourself to drop off your requested files or data, you can then open that connection back to another host. This is true with both retrieving and putting data. Attackers can exploit this in some instances to circumvent access control, export restrictions, etc. There is a vulnerability in the FTP server

Trust: 1.26

sources: NVD: CVE-1999-0017 // BID: 126 // VULHUB: VHN-17

AFFECTED PRODUCTS

vendor:	sun	model:	sunos	scope:	eq	version:	4.1.4	Trust: 1.9
vendor:	sun	model:	sunos	scope:	eq	version:	4.1.3u1	Trust: 1.6
vendor:	sun	model:	sunos	scope:	eq	version:	5.3	Trust: 1.6
vendor:	sun	model:	sunos	scope:	eq	version:	5.5.1	Trust: 1.6
vendor:	sun	model:	sunos	scope:	eq	version:	5.5	Trust: 1.6
vendor:	sun	model:	sunos	scope:	eq	version:	5.4	Trust: 1.6
vendor:	sco	model:	unixware	scope:	eq	version:	2.1	Trust: 1.3
vendor:	sco	model:	open desktop	scope:	eq	version:	3.0	Trust: 1.3
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.2	Trust: 1.3
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.1	Trust: 1.3
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.0	Trust: 1.3
vendor:	ibm	model:	aix	scope:	eq	version:	4.3	Trust: 1.3
vendor:	ibm	model:	aix	scope:	eq	version:	4.2	Trust: 1.3
vendor:	ibm	model:	aix	scope:	eq	version:	4.1	Trust: 1.3
vendor:	ibm	model:	aix	scope:	eq	version:	3.2	Trust: 1.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.0	Trust: 1.3
vendor:	gnu	model:	inet	scope:	eq	version:	6.01	Trust: 1.0
vendor:	freebsd	model:	freebsd	scope:	eq	version:	1.0	Trust: 1.0
vendor:	siemens	model:	reliant unix	scope:	eq	version:	*	Trust: 1.0
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.1.0	Trust: 1.0
vendor:	caldera	model:	openlinux	scope:	eq	version:	1.2	Trust: 1.0
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.1.7	Trust: 1.0
vendor:	sco	model:	openserver	scope:	eq	version:	5.0.4	Trust: 1.0
vendor:	freebsd	model:	freebsd	scope:	eq	version:	1.2	Trust: 1.0
vendor:	gnu	model:	inet	scope:	eq	version:	5.01	Trust: 1.0
vendor:	washington university	model:	wu-ftpd	scope:	eq	version:	2.4	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.2.1	Trust: 1.0
vendor:	gnu	model:	inet	scope:	eq	version:	6.02	Trust: 1.0
vendor:	freebsd	model:	freebsd	scope:	eq	version:	1.1	Trust: 1.0
vendor:	washington	model:	university wu-ftpd academ[beta1-15]	scope:	eq	version:	2.4.2	Trust: 0.3
vendor:	sun	model:	solaris x86	scope:	eq	version:	2.5.1	Trust: 0.3
vendor:	sun	model:	solaris	scope:	eq	version:	2.5.1	Trust: 0.3
vendor:	sun	model:	solaris 2.6 x86	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris	scope:	eq	version:	2.6	Trust: 0.3
vendor:	sun	model:	solaris 2.5 x86	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris	scope:	eq	version:	2.5	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.5	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.5	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.5	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.4	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.4	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.4	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.3	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.3	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.3	Trust: 0.3
vendor:	sgi	model:	irix m	scope:	eq	version:	6.5.2	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	6.5.2	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.2	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.1	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.4	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.3	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.2	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.0	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	5.3	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	5.2	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	5.1	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	5.0	Trust: 0.3
vendor:	sgi	model:	irix h	scope:	eq	version:	4.0.5	Trust: 0.3
vendor:	sgi	model:	irix g	scope:	eq	version:	4.0.5	Trust: 0.3
vendor:	sgi	model:	irix f	scope:	eq	version:	4.0.5	Trust: 0.3
vendor:	sgi	model:	irix e	scope:	eq	version:	4.0.5	Trust: 0.3
vendor:	sgi	model:	irix d	scope:	eq	version:	4.0.5	Trust: 0.3
vendor:	sgi	model:	irix a	scope:	eq	version:	4.0.5	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	4.0.5	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	4.0.4	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	4.0	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	3.3.3	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	3.3.2	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	3.3.1	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	3.3	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	3.2	Trust: 0.3
vendor:	sco	model:	open server	scope:	eq	version:	5.0	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.1	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.0.0.4	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	3.1	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	3.0	Trust: 0.3
vendor:	mad	model:	goat software mgftp	scope:	eq	version:	2.2	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	10.24	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	11.0	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	10.20	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	10.16	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	10.10	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	9.9	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	9.8	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	9.7	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	9.6	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	9.5	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	9.4	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	9.3	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	9.1	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	9.0	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	7.8	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	7.6	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	7.4	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	7.2	Trust: 0.3
vendor:	hp	model:	hp-ux	scope:	eq	version:	7.0	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.1.7.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.1.6	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.1.5	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.0.5	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	1.1.5.1	Trust: 0.3
vendor:	digital	model:	unix d	scope:	eq	version:	4.0	Trust: 0.3
vendor:	digital	model:	unix c	scope:	eq	version:	4.0	Trust: 0.3
vendor:	digital	model:	unix b	scope:	eq	version:	4.0	Trust: 0.3
vendor:	digital	model:	unix a	scope:	eq	version:	4.0	Trust: 0.3
vendor:	digital	model:	unix	scope:	eq	version:	4.0	Trust: 0.3
vendor:	digital	model:	unix g	scope:	eq	version:	3.2	Trust: 0.3

sources: BID: 126 // CNNVD: CNNVD-199712-006 // NVD: CVE-1999-0017

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-0017
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-199712-006
value:	HIGH
Trust: 0.6
VULHUB:	VHN-17
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-1999-0017
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-17
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-17 // CNNVD: CNNVD-199712-006 // NVD: CVE-1999-0017

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-0017

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199712-006

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-199712-006

EXTERNAL IDS

db:	NVD	id:	CVE-1999-0017	Trust: 2.0
db:	CNNVD	id:	CNNVD-199712-006	Trust: 0.7
db:	BID	id:	126	Trust: 0.4
db:	VULHUB	id:	VHN-17	Trust: 0.1

sources: VULHUB: VHN-17 // BID: 126 // CNNVD: CNNVD-199712-006 // NVD: CVE-1999-0017

REFERENCES

url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/cve-1999-0017	Trust: 1.7
url:	ftp://ftp.cert.org/pub/tech_tips/ftp_port_attacks	Trust: 0.3
url:	ftp://ftp.avian.org/random/ftp-attack	Trust: 0.3
url:	http://www.cert.org/advisories/ca-1997-27.html	Trust: 0.3
url:	-	Trust: 0.1

sources: VULHUB: VHN-17 // BID: 126 // CNNVD: CNNVD-199712-006 // NVD: CVE-1999-0017

CREDITS

This problem was initially posted to the Bugtraq mailing list by *Hobbit* (hobbit@avian.org) on July12/1995.

Trust: 0.9

sources: BID: 126 // CNNVD: CNNVD-199712-006

SOURCES

db:	VULHUB	id:	VHN-17
db:	BID	id:	126
db:	CNNVD	id:	CNNVD-199712-006
db:	NVD	id:	CVE-1999-0017

LAST UPDATE DATE

2024-08-14T13:40:55.235000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-17	date:	2008-09-09T00:00:00
db:	BID	id:	126	date:	2007-12-18T20:05:00
db:	CNNVD	id:	CNNVD-199712-006	date:	2022-08-18T00:00:00
db:	NVD	id:	CVE-1999-0017	date:	2022-08-17T07:15:08.243

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-17	date:	1997-12-10T00:00:00
db:	BID	id:	126	date:	1995-07-12T00:00:00
db:	CNNVD	id:	CNNVD-199712-006	date:	1997-12-10T00:00:00
db:	NVD	id:	CVE-1999-0017	date:	1997-12-10T05:00:00