Multiple Vendor FTP Multiple PASV Command Port Exhaustion DoS

medium Nessus Plugin ID 10085

Synopsis

The remote FTP server is affected by a remote denial of service vulnerability.

Description

The remote FTP server allows users to make any amount of PASV commands, thus blocking the free ports for legitimate services and consuming file descriptors. An unauthenticated attacker could exploit this flaw to crash the FTP service.

Solution

Apply the patches as per the references.

See Also

http://www.nessus.org/u?c20a7602

Plugin Details

Severity: Medium

ID: 10085

File Name: ftp_pasv_dos.nasl

Version: 1.36

Type: remote

Family: FTP

Published: 6/22/1999

Updated: 7/11/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport, ftp/login

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/1/1997

Reference Information

CVE: CVE-1999-0079

BID: 271

Secunia: 14285