CVE-1999-0080 in wu-ftpd
Summary
by MITRE
Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 04/16/2026
The vulnerability described in CVE-1999-0080 represents a critical privilege escalation flaw within the wu-ftp FTP server version 2.4 implementation. This issue stems from improper path handling and command execution mechanisms that allow authenticated remote attackers to elevate their privileges to root level access. The vulnerability specifically targets the _PATH_EXECPATH configuration parameter which, when set to directories containing system binaries such as /bin, creates an exploitable condition through the "site exec" command functionality. This configuration flaw demonstrates poor security design principles and highlights the dangers of inadequate input validation and privilege separation in network services.
The technical exploitation of this vulnerability occurs through the manipulation of the site exec command within the FTP protocol. When an authenticated user issues a site exec command with a maliciously crafted argument, the system executes the command using the configured _PATH_EXECPATH setting. If this path includes directories like /bin where system binaries reside, attackers can potentially execute commands with elevated privileges. The flaw essentially allows attackers to bypass normal access controls and execute arbitrary code with root permissions, making it a severe privilege escalation vulnerability. This type of vulnerability falls under CWE-78: Improper Neutralization of Special Elements used in an OS Command, which specifically addresses the improper handling of command arguments that can lead to arbitrary code execution.
The operational impact of CVE-1999-0080 is substantial as it provides attackers with complete system compromise capabilities. Once authenticated, an attacker can leverage this vulnerability to gain root access, which enables them to modify system files, install backdoors, steal sensitive data, or use the compromised system as a launch point for further attacks within the network. The vulnerability affects systems running wu-ftp version 2.4 where the _PATH_EXECPATH setting has been configured to include directories containing dangerous commands. This makes it particularly dangerous in environments where FTP services are exposed to untrusted networks or where multiple users have authenticated access to the FTP service.
Mitigation strategies for this vulnerability involve several critical steps that align with established security frameworks and best practices. System administrators should immediately update to patched versions of wu-ftp or implement proper path configuration that does not include directories containing system binaries. The _PATH_EXECPATH setting should be carefully reviewed and restricted to only include directories that are necessary for legitimate FTP operations. Additionally, implementing proper access controls and privilege separation mechanisms can prevent unauthorized execution of system commands. This vulnerability aligns with ATT&CK technique T1068: Exploitation for Privilege Escalation, which emphasizes the importance of securing command execution mechanisms and preventing unauthorized privilege elevation. Organizations should also consider implementing network segmentation and monitoring to detect unusual FTP activity that might indicate exploitation attempts. The remediation process should include comprehensive security audits of all network services to identify similar path traversal and command execution vulnerabilities that could provide similar attack vectors.