Security readout for executives and security teams
Plain-English summary
CVE-1999-1301 is an old Z-Modem file-transfer design issue. A malicious remote sender could cause the receiving client to run arbitrary programs in affected implementations. The source names FreeBSD rz in the rzsz module before FreeBSD 2.1.5, and says other programs may also be affected.
Executive priority
Treat this as a legacy exposure review, not an emergency, unless Z-Modem/rzsz is still used in sensitive environments. Prioritize removal or upgrade where present because the stated impact is arbitrary program execution on the receiving client.
Technical view
The flaw is described as a protocol design issue in Z-Modem as implemented by rz/rzsz. Impact is client-side arbitrary program execution triggered by a remote file sender. Public source data provides no CVSS, CWE, detailed affected matrix, exploit status, or comprehensive remediation details beyond FreeBSD before 2.1.5.
Likely exposure
Likely limited to legacy systems or environments still using Z-Modem/rz/rzsz for file transfer. Exposure is highest where users receive files over terminal sessions from untrusted or semi-trusted remote systems. Modern environments are less likely exposed unless compatibility tooling remains installed.
Exploitation context
No active exploitation is identified in the provided sources, and the CVE is not listed as KEV in the bundle. The described attack requires interaction with a Z-Modem file-transfer receiver and a malicious or compromised sender. The sources do not provide exploit details.
Researcher notes
Source evidence is sparse and historical. The affected statement names FreeBSD rz/rzsz before 2.1.5 and only says other programs are possible. Avoid broad product conclusions without confirming implementation behavior or vendor documentation.
Mitigation direction
- Identify any use of Z-Modem, rz, or rzsz in legacy workflows.
- For FreeBSD, ensure systems are not running versions before 2.1.5.
- Remove unused Z-Modem/rz/rzsz tools from managed endpoints.
- Restrict file transfers from untrusted remote systems.
- Check current vendor guidance for any non-FreeBSD Z-Modem implementations.
Validation and detection
- Inventory systems for installed rz, sz, or rzsz components.
- Review legacy terminal and modem file-transfer workflows.
- Confirm FreeBSD versions where rz/rzsz is present.
- Verify whether users receive files from untrusted remote hosts.
- Document any third-party Z-Modem clients and check vendor advisories.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CVE-1999-1301 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Unknown
- CVSS
- Not scored
- Known Exploited
- No
- Published
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS and timeline data
No CVSS vectors or timeline events were available in the normalized CVE source material.
Source materials
- CVE List V5 sourceCVE List V5
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
