CVE-1999-0351 in Hostinfo

Summary

by MITRE

FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client.


Analysis

by VulDB Data Team • 04/18/2026

The CVE-1999-0351 vulnerability represents a critical flaw in File Transfer Protocol implementations that affects the PASV (Passive) command behavior. This vulnerability stems from improper port management and connection handling within FTP servers, creating a scenario where attackers can exploit the passive mode mechanism to gain unauthorized access to data transfers. The vulnerability specifically targets the way FTP servers allocate and manage port numbers for data connections, particularly when operating in passive mode where the server provides a port number for the client to connect back to for data transfer operations.

The technical flaw manifests when an FTP server in passive mode advertises a port number that remains open and accessible even after the initial data transfer has completed. This creates a window of opportunity where malicious actors can establish connections to these advertised ports without proper authentication, effectively allowing them to intercept data streams or manipulate the connection state. The vulnerability exploits the fundamental assumption that port numbers advertised by the server are temporary and should only be used for the specific data transfer they were intended to support. This flaw operates at the protocol level and affects the integrity of the FTP connection establishment process, making it particularly dangerous for systems that rely on FTP for data exchange.

The operational impact of this vulnerability extends beyond simple denial of service to encompass unauthorized data access and potential data theft. Attackers can leverage this vulnerability to perform what is commonly referred to as "port hijacking" or "connection hijacking" attacks, where they establish connections to the advertised ports and potentially intercept or manipulate data that should only be accessible to authenticated users. The vulnerability essentially creates a backdoor mechanism that allows unauthorized parties to participate in data transfers without proper authentication, potentially leading to complete data compromise. This issue affects not just the availability of services but also the confidentiality and integrity of data being transferred through FTP connections.

Mitigation strategies for CVE-1999-0351 require a multi-layered approach focusing on both protocol-level fixes and network security measures. System administrators should implement firewall rules that restrict access to FTP data ports and ensure that only legitimate connections can establish data transfers. The most effective long-term solution involves updating FTP implementations to properly manage port lifecycles and ensure that advertised ports are closed immediately after data transfer completion. Additionally, organizations should consider migrating to more secure file transfer protocols such as SFTP or FTPS that provide better encryption and authentication mechanisms. Network segmentation and monitoring can help detect anomalous connection patterns that may indicate exploitation attempts.

This vulnerability highlights the importance of proper protocol implementation and serves as a reminder that even fundamental network protocols can contain critical security flaws when not designed with security in mind. The issue aligns with CWE-284, which addresses improper access control, and with ATT&CK techniques related to network sniffing and connection hijacking, emphasizing the need for robust protocol security measures in networked applications.
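One way a server can enforce the port lifecycle described above, as an added example that is not taken from this entry or from any particular FTP server. The function names, the loopback bind address and the timeout values are assumptions made for illustration; the listener accepts a data connection only from the address that owns the control channel and is closed on every exit path.

```python
import socket
import time


def open_pasv_listener(bind_host="127.0.0.1"):
    """Bind an ephemeral port for exactly one passive-mode data transfer."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((bind_host, 0))  # port 0: the OS picks an unused port
    listener.listen(1)
    return listener


def accept_data_connection(listener, control_peer_ip, timeout=5.0):
    """Return the data socket from control_peer_ip, or None on timeout.

    The listener is closed on every path, so the advertised port never
    outlives the transfer it was opened for.
    """
    deadline = time.monotonic() + timeout  # one overall deadline, not per accept
    try:
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                return None
            listener.settimeout(remaining)
            try:
                conn, (peer_ip, _port) = listener.accept()
            except socket.timeout:
                return None
            if peer_ip == control_peer_ip:
                return conn
            conn.close()  # foreign address: drop it and keep waiting
    finally:
        listener.close()


if __name__ == "__main__":
    # Constructed demo: 192.0.2.10 (documentation range) stands in for the
    # control-channel peer, so the loopback connection below is foreign.
    listener = open_pasv_listener()
    stranger = socket.create_connection(listener.getsockname())
    print("foreign peer accepted:",
          accept_data_connection(listener, "192.0.2.10", timeout=0.5) is not None)
    stranger.close()
```

Clients that share a NAT address with the legitimate user pass the address check, so it narrows the exposure rather than replacing an authenticated, encrypted data channel.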

The broader implications of this vulnerability demonstrate how seemingly minor implementation flaws in core network protocols can lead to significant security compromises. Organizations should conduct regular security assessments of their network services and ensure that legacy protocols are properly secured or migrated to more modern alternatives. The vulnerability also underscores the importance of proper input validation and connection management in network services, as the flaw specifically relates to how the FTP server handles port allocation and connection lifecycle management.

Disclosure

02/01/1999

Moderation

accepted

Entry

VDB-14475

CPE

ready

EPSS

0.01497

KEV

no

Activities

very low
