CVE-1999-0080

Name of the Vulnerable Software and Affected Versions wu-ftp FTP server version 2.4

Description The issue concerns certain configurations of the wu-ftp FTP server that use a PATH EXECPATH setting to a directory with dangerous commands, such as /bin. This configuration allows remote authenticated users to gain root access via the "site exec" command.

Recommendations For wu-ftp FTP server version 2.4, consider changing the PATH EXECPATH setting to a directory without dangerous commands to prevent remote authenticated users from gaining root access. As a temporary workaround, restrict access to the "site exec" command until a more permanent solution is implemented.