CVE-1999-0079: Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports.
Description
Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports.
AI Analysis
Technical Summary
CVE-1999-0079 is a vulnerability affecting the BisonWare FTP Server version 3.5, where remote attackers can cause a denial of service (DoS) by issuing multiple PASV (passive mode) commands. The PASV command in FTP instructs the server to open a port for data transfer. In this vulnerability, repeated PASV commands cause the server to allocate multiple ports without properly releasing them, eventually exhausting the pool of available ports. This resource exhaustion prevents legitimate FTP connections from being established, effectively causing a denial of service. The vulnerability does not affect confidentiality or integrity but impacts availability by making the FTP service unusable. The CVSS score is 5.0 (medium severity), with an attack vector of network (remote), low attack complexity, no authentication required, and no impact on confidentiality or integrity, only availability. No patches are available for this vulnerability, and no known exploits have been reported in the wild. Given the age of the vulnerability (published in 1997) and the specific affected product, this issue is primarily relevant for legacy systems still running BisonWare FTP Server 3.5 or similar versions without mitigations.
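The exhaustion mechanism described above, as an added toy model that is not BisonWare code or anything from the advisory: a fixed passive-port range, one FTP control session that issues PASV repeatedly without ever opening the data connection, and two server policies side by side. The leaky policy keeps every reserved listener until the session closes, so a single session can drain the whole range; the hardened policy releases the previous unused listener when a new PASV arrives and optionally caps PASV commands per session. Port numbers, the `Session` object and the policy flags are constructed for the example.

```python
"""Toy model of passive-mode port allocation for one FTP server.
Added example, not BisonWare FTP Server code; all names and numbers are
constructed to illustrate the CVE-1999-0079 exhaustion pattern."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


class PortsExhausted(Exception):
    """No passive port is free for a new data connection."""


class PasvLimitExceeded(Exception):
    """The session sent more PASV commands than the configured cap."""


@dataclass
class Session:
    """One FTP control connection and the listener it currently owns."""
    client: str
    pending_port: Optional[int] = None  # reserved by the last PASV, data connection never opened
    pasv_count: int = 0


class PassivePortPool:
    """Allocates data-connection ports from a fixed passive range.

    release_stale=False mimics the defect described for CVE-1999-0079: a new
    PASV reserves another port while the previous, unused one stays allocated.
    release_stale=True is the hardened behaviour: at most one pending listener
    per session. max_pasv_per_session is an optional per-session cap.
    """

    def __init__(self, first: int, last: int, release_stale: bool,
                 max_pasv_per_session: Optional[int] = None) -> None:
        self.free: List[int] = list(range(first, last + 1))
        self.release_stale = release_stale
        self.max_pasv_per_session = max_pasv_per_session

    def handle_pasv(self, session: Session) -> int:
        session.pasv_count += 1
        if (self.max_pasv_per_session is not None
                and session.pasv_count > self.max_pasv_per_session):
            raise PasvLimitExceeded(f"PASV cap exceeded for {session.client}")
        if self.release_stale and session.pending_port is not None:
            # Hardened: the new PASV supersedes the old listener, so the port goes back.
            self.free.append(session.pending_port)
            session.pending_port = None
        if not self.free:
            raise PortsExhausted("no passive ports left")
        port = self.free.pop(0)
        session.pending_port = port  # leaky policy never gives this back until close
        return port

    def close_session(self, session: Session) -> None:
        """Control connection closed: return whatever the session still holds."""
        if session.pending_port is not None:
            self.free.append(session.pending_port)
            session.pending_port = None


def pasv_commands_served(pool: PassivePortPool, n_commands: int,
                         client: str = "198.51.100.7") -> Tuple[int, str]:
    """Send n_commands PASV commands on one session without using the data port.

    Returns (commands served, outcome) where outcome is "ok", "exhausted"
    or "limited". The client address is a constructed documentation value.
    """
    session = Session(client)
    served = 0
    for _ in range(n_commands):
        try:
            pool.handle_pasv(session)
        except PortsExhausted:
            return served, "exhausted"
        except PasvLimitExceeded:
            return served, "limited"
        served += 1
    return served, "ok"


if __name__ == "__main__":
    leaky = PassivePortPool(50000, 50009, release_stale=False)
    print("leaky:", pasv_commands_served(leaky, 50))      # (10, 'exhausted')
    fixed = PassivePortPool(50000, 50009, release_stale=True)
    print("hardened:", pasv_commands_served(fixed, 50))   # (50, 'ok')
    capped = PassivePortPool(50000, 50009, release_stale=True, max_pasv_per_session=5)
    print("capped:", pasv_commands_served(capped, 50))    # (5, 'limited')
```

With the leaky policy a ten-port range is gone after ten commands and every other client's PASV then fails with `PortsExhausted`; with the release policy the same session can issue PASV indefinitely while holding only one port, which is why a per-session cap is a secondary control rather than the primary fix.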
Potential Impact
For European organizations, the primary impact of this vulnerability is the potential disruption of FTP services used for file transfers, which may affect business operations relying on legacy FTP infrastructure. While modern organizations have largely moved to more secure file transfer protocols, some sectors, especially in industrial, governmental, or legacy IT environments, may still use BisonWare FTP Server or similar outdated FTP servers. An attacker exploiting this vulnerability could cause service outages, leading to operational delays, loss of productivity, and potential reputational damage if critical data transfers are interrupted. Since the vulnerability does not allow data theft or modification, the impact is limited to availability. However, denial of service on FTP servers can indirectly affect compliance with data handling or service availability regulations in Europe, such as GDPR or sector-specific mandates.
Mitigation Recommendations
Given that no patch is available for this vulnerability, European organizations should consider the following specific mitigations:
1) Disable or restrict FTP services running BisonWare FTP Server 3.5, especially on internet-facing systems.
2) Implement network-level controls such as firewall rules or intrusion prevention systems (IPS) to detect and block excessive PASV commands or unusual FTP session behaviors indicative of an attack.
3) Limit the range of passive mode ports configured on the FTP server to a small, controlled set and monitor port usage to detect exhaustion attempts.
4) Where possible, migrate from BisonWare FTP Server to modern, actively maintained FTP servers or more secure file transfer protocols (e.g., SFTP or FTPS) that are not vulnerable to this issue.
5) Employ rate limiting on FTP commands to prevent rapid repeated PASV requests from a single source.
6) Monitor FTP server logs for unusual PASV command patterns and investigate anomalies promptly.
These targeted mitigations go beyond generic advice by focusing on controlling PASV command abuse and limiting exposure of legacy FTP services.
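Mitigations 5 and 6 above come down to counting PASV commands per source over a short window. The following added example, which is not from the advisory or any FTP server project, runs that check over constructed FTP command-log lines: it keeps a sliding window of PASV timestamps per client address and reports clients whose PASV count within the window reaches a threshold. The log line format (`ISO-8601 timestamp, client address, FTP command`), the addresses and the threshold values are all constructed assumptions; a real deployment would adapt `parse_line` to its server's log format.

```python
"""Sliding-window PASV flood detector over FTP command logs.
Added example; the log format and sample lines are constructed, not taken
from BisonWare or any other server."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, Optional, Tuple

# Constructed format: "<ISO timestamp>Z <client ip> <FTP command> [...]"
LOG_RE = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+([A-Z]{3,4})\b")


def parse_line(line: str) -> Optional[Tuple[datetime, str, str]]:
    """Return (timestamp, client, command) or None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m.group(2), m.group(3)


def pasv_flood_sources(lines: Iterable[str], window_seconds: int = 10,
                       threshold: int = 8) -> Dict[str, int]:
    """Flag clients that issued >= threshold PASV commands within any window.

    Lines are assumed to be in chronological order (as a server log is).
    Returns {client: peak PASV count inside one window} for flagged clients.
    """
    windows: Dict[str, deque] = defaultdict(deque)
    peaks: Dict[str, int] = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed or non-command line; skip rather than fail
        ts, client, cmd = parsed
        if cmd != "PASV":
            continue
        q = windows[client]
        q.append(ts)
        # Drop timestamps that fell out of the window ending at ts.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        peaks[client] = max(peaks[client], len(q))
    return {c: n for c, n in peaks.items() if n >= threshold}


# Constructed sample log: a normal client doing three transfers over a minute
# and a noisy client sending ten PASV commands in ten seconds.
_BASE = datetime(2025, 5, 20, 15, 43, 0, tzinfo=timezone.utc)


def _line(sec: int, client: str, cmd: str) -> str:
    stamp = (_BASE + timedelta(seconds=sec)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"{stamp} {client} {cmd}"


SAMPLE_LOG = sorted(
    [_line(0, "203.0.113.5", "PASV"), _line(2, "203.0.113.5", "LIST"),
     _line(30, "203.0.113.5", "PASV"), _line(31, "203.0.113.5", "RETR report.csv"),
     _line(60, "203.0.113.5", "PASV")]
    + [_line(5 + i, "198.51.100.7", "PASV") for i in range(10)]
) + ["this line is not a command record"]


if __name__ == "__main__":
    print(pasv_flood_sources(SAMPLE_LOG))  # {'198.51.100.7': 10}
```

The window and threshold are tuning knobs: a client that legitimately transfers many small files can issue one PASV per file, so set the threshold above the server's real per-client rate and alert on the peak count rather than on any single burst.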
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Poland, Netherlands
Threat ID: 682ca32bb6fd31d6ed7de7ca
Added to database: 5/20/2025, 3:43:39 PM
Last enriched: 7/1/2025, 11:25:15 PM
Last updated: 7/29/2025, 10:44:42 AM
Views: 10