CVE-1999-1119

HIGH 10.0 / 10.0
Published: April 27, 1992 at 04:00 AM
Modified: April 3, 2025 at 01:03 AM
Source: cve@mitre.org

Vulnerability Description

FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands.

CVSS Metrics

Base Score: 10.0
Severity: HIGH
Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses (CWE)

NVD-CWE-Other
Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

Remote attackers can gain complete control of vulnerable AIX systems due to a critical flaw in the anon.ftp installation script. This insecure configuration of anonymous FTP allows for arbitrary command execution, leading to potential data breaches, system compromise, and denial-of-service conditions.

02 // Vulnerability Mechanism

Step 1: Reconnaissance: The attacker identifies a target AIX system with an open FTP port (port 21).

Step 2: Anonymous Login: The attacker attempts to connect to the FTP server using the anonymous credentials (username: anonymous, password: user@example.com or similar).

Step 3: Command Injection: The attacker crafts a malicious command, potentially using the SITE command or other FTP commands that are then executed on the server.

Step 4: Command Execution: The vulnerable anon.ftp script, due to its insecure configuration, executes the attacker's injected command with elevated privileges.

Step 5: System Compromise: The attacker gains control of the system, potentially installing backdoors, stealing data, or disrupting services.

03 // Deep Technical Analysis

The vulnerability stems from the anon.ftp script's insecure configuration of the anonymous FTP service. Specifically, the script likely fails to properly sanitize or restrict commands executed within the FTP environment. This allows attackers to inject malicious commands, potentially through the SITE command or other FTP commands that are then executed with elevated privileges. The root cause is a lack of input validation and secure configuration practices during the setup of the anonymous FTP service. The script likely grants excessive permissions to the anonymous FTP user, allowing them to execute commands that should be restricted.
