CVE-1999-0079 in Solaris
Summary
by MITRE
Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 10/28/2025
This vulnerability represents a classic resource exhaustion attack targeting ftp server implementations through improper handling of the passive mode command sequence. The flaw manifests when remote attackers repeatedly submit pasv commands to an ftp server without proper connection handling or rate limiting mechanisms. Each pasv command typically instructs the server to open a new port for data connection establishment, creating a scenario where the server allocates port resources without adequate cleanup or restriction. The vulnerability stems from inadequate input validation and resource management within the ftp protocol implementation, particularly affecting the passive mode functionality that relies on port allocation for data transfers.
The technical exploitation occurs through a simple yet effective attack pattern where an attacker establishes a connection to the ftp server and repeatedly issues pasv commands in rapid succession. This behavior causes the server to continuously allocate new ports while failing to properly close or reuse existing port allocations, leading to exhaustion of the available port range. The vulnerability specifically affects systems where the ftp server implementation does not properly manage port lifecycle or implement adequate rate limiting for pasv command processing. This type of attack can be categorized under cwe-400 resource exhaustion and represents a denial of service condition that impacts service availability rather than data integrity or confidentiality.
From an operational impact perspective, this vulnerability can completely disrupt ftp services by rendering the server unable to accept new connections or process legitimate data transfers. The attack requires minimal resources and can be executed by a single remote attacker, making it particularly dangerous for systems that rely heavily on ftp services for file transfers and data management. Network administrators may experience complete service degradation where legitimate users cannot establish ftp connections, and the server may require manual intervention or restart to recover from the port exhaustion state. The vulnerability affects systems where ftp servers are exposed to untrusted networks without proper access controls or monitoring mechanisms.
Mitigation strategies should focus on implementing proper rate limiting and connection management within ftp server implementations to prevent excessive port allocation. Systems administrators should configure ftp servers with appropriate port range restrictions and implement connection throttling to limit the frequency of pasv command processing. Network-level protections including firewall rules and intrusion detection systems can help monitor and block suspicious patterns of repeated pasv commands. The implementation of proper resource management and input validation aligns with best practices outlined in the mitre attack framework under the denial of service tactic, specifically targeting the resource exhaustion technique. Additionally, regular security updates and patches should be applied to ftp server software to address known vulnerabilities in passive mode handling and port allocation mechanisms.