Vermillion FTPD Long CWD Commands DoS

medium Nessus Plugin ID 10293

Synopsis

The remote host has an application that is affected by a denial of service vulnerability.

Description

It was possible to make the remote FTP server crash by issuing the commands :

CWD <buffer> CWD <buffer> CWD <buffer>

Where <buffer> is longer than 504 chars.

An attacker can use this problem to prevent your FTP server from working properly, thus preventing legitimate users from using it.

Solution

upgrade your FTP to the latest version, or change it.

Plugin Details

Severity: Medium

ID: 10293

File Name: vftpd_overflow.nasl

Version: 1.35

Type: remote

Family: FTP

Published: 11/22/1999

Updated: 8/6/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Required KB Items: ftp/login

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 11/22/1999

Reference Information

CVE: CVE-1999-1058

BID: 818

Detections

Analytics