WU-FTPD SITE EXEC Arbitrary Local Command Execution

High Nessus Plugin ID 10090


The remote FTP server is affected by a command execution vulnerability.


The remote host is running a version of WU-FTPD that is affected by a command execution vulnerability. It is possible to execute arbitrary command son the remote host using the 'site exec' FTP problem.


Upgrade to WU-FTPD 2.4 or later.

See Also


Plugin Details

Severity: High

ID: 10090

File Name: ftp_site_exec.nasl

Version: $Revision: 1.35 $

Type: remote

Family: FTP

Published: 1999/06/22

Modified: 2016/09/26

Dependencies: 10079, 10092

Risk Information

Risk Factor: High


Base Score: 7.6

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:W/RC:ND

Vulnerability Information

Required KB Items: ftp/login

Vulnerability Publication Date: 1993/03/01

Reference Information

CVE: CVE-1999-0080, CVE-1999-0955

BID: 2241

OSVDB: 77, 8719, 8720