CVE-1999-0368

ProFTPD and wu-ftpd - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-1999-0368. PoCs were published by jamez & c0nd0r and by smiler & cossack.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in ProFTPD and wu-ftpd due to improper bounds checking in the 'realpath' function. It allows remote code execution by creating an unusually long pathname to overwrite the stack and execute arbitrary commands as root.

Description

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by jamez & c0nd0r · c · remote · linux
https://www.exploit-db.com/exploits/19087

This exploit targets a buffer overflow vulnerability in ProFTPD and wu-ftpd due to improper bounds checking in the 'realpath' function. It allows remote code execution by creating an unusually long pathname to overwrite the stack and execute arbitrary commands as root.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: ProFTPD versions 1.2.0pre1 and earlier, wu-ftpd 2.4.2 (beta 18) VR9 and earlier
Auth required
Prerequisites: Write access to the FTP server · Knowledge of target system addresses for 'system' and shellcode placement
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by smiler & cossack · c · remote · linux
https://www.exploit-db.com/exploits/19086

This exploit targets a buffer overflow vulnerability in ProFTPD and wu-ftpd due to improper bounds checking in the `realpath` function. It crafts a long directory path to overwrite the stack and execute arbitrary shellcode, leading to remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: ProFTPD <= 1.2.0pre1, wu-ftpd <= 2.4.2 VR9
Auth required
Prerequisites: Valid FTP credentials · Write permissions on the FTP server
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0368

Scores

EPSS: 0.3923
EPSS Percentile: 98.4%

Details

Status: published
Products (17):
caldera/openlinux 1.3
debian/debian_linux 2.0
proftpd_project/proftpd 1.2_pre1
redhat/linux 5.0
redhat/linux 5.1
sco/openserver 5.0
sco/openserver 5.0.2
sco/openserver 5.0.3
sco/openserver 5.0.4
sco/openserver 5.0.5
... and 7 more
Published: Feb 09, 1999
Tracked Since: Feb 18, 2026