First published: Wed Dec 10 1997(Updated: )
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
inet | =5.01 | |
inet | =6.01 | |
wu-ftpd | =2.4 | |
inet | =6.02 | |
SunOS | =5.5 | |
IBM AIX | =4.3 | |
SCO Open Desktop | =3.0 | |
SunOS | =5.3 | |
SCO OpenLinux Server | =1.2 | |
SunOS | =4.1.4 | |
IBM AIX | =4.2 | |
NetBSD current | =1.2.1 | |
FreeBSD Kernel | =2.1.7 | |
SunOS | =5.5 | |
Siemens Reliant Unix | ||
NetBSD current | =1.0 | |
SunOS | =5.4 | |
Xinuos UnixWare | =2.1 | |
FreeBSD Kernel | =1.0 | |
SunOS | =5.5.1 | |
FreeBSD Kernel | =1.1 | |
NetBSD current | =1.1 | |
FreeBSD Kernel | =2.1.0 | |
SunOS | =5.4 | |
SunOS | =5.5.1 | |
SunOS | =4.1.3u1 | |
IBM AIX | =4.1 | |
FreeBSD Kernel | =1.2 | |
IBM AIX | =3.2 | |
NetBSD current | =1.2 | |
SCO OpenServer | =5.0.4 | |
FreeBSD Kernel | =2.0 | |
=5.01 | ||
=6.01 | ||
=6.02 | ||
=2.4 | ||
=1.2 | ||
=1.0 | ||
=1.1 | ||
=1.2 | ||
=2.0 | ||
=2.1.0 | ||
=2.1.7 | ||
=3.2 | ||
=4.1 | ||
=4.2 | ||
=4.3 | ||
=1.0 | ||
=1.1 | ||
=1.2 | ||
=1.2.1 | ||
=3.0 | ||
=5.0.4 | ||
=2.1 | ||
=4.1.3u1 | ||
=4.1.4 | ||
=5.3 | ||
=5.4 | ||
=5.4 | ||
=5.5 | ||
=5.5 | ||
=5.5.1 | ||
=5.5.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-1999-0017 is considered to be high due to its potential to allow unauthorized access to arbitrary ports on remote machines.
To fix CVE-1999-0017, it is recommended to upgrade to a version of the affected FTP server software that has patched this vulnerability.
CVE-1999-0017 affects several versions of GNU Inet, Wu-FTPD, FreeBSD, IBM AIX, and Sun SunOS, among others.
FTP bounce refers to the ability of an attacker to use an FTP server to send requests to other ports on different machines, potentially bypassing firewall restrictions.
While CVE-1999-0017 is an older vulnerability, it remains relevant for legacy systems that still use vulnerable FTP servers.