Race Condition in ftpd Allows Unauthorized File Access
CVE-1999-0035

5.4MEDIUM

Key Information:

Vendor: Gnu
Status: Inet; Irix
Vendor: CVE Published:; 29 May 1997

What is CVE-1999-0035?

A race condition within the signal handling routine of ftpd can permit malicious users to read from or write to arbitrary files. This vulnerability arises when concurrent processes fail to properly synchronize their operations, allowing unauthorized access to sensitive files. It underscores the importance of robust process synchronization in maintaining system integrity and preventing exploitation.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Jun 7, 1999
Vulnerability published
May 29, 1997

JSON

Gnu

What is CVE-1999-0035?

References

CVSS V3.1

Timeline