TYPSoft FTP Server <= 1.10 Multiple DoS

medium Nessus Plugin ID 20012

Synopsis

The remote FTP server is affected by multiple denial of service vulnerabilities.

Description

The remote host appears to be using TYPSoft FTP Server, a small FTP server for Windows.

According to its banner, the version of TYPSoft FTP Server installed on the remote host is 1.10 or earlier. Such versions suffer from several denial of service vulnerabilities.

A remote attacker, possibly using anonymous access, can cause the server to stop responding by sending it an 'ABOR' command while no file transfer is in progress, or can crash it by sending any one of a number of specially crafted FTP commands.

Solution

Remove the affected service or use another product, as TYPSoft is no longer supported.

See Also

https://seclists.org/fulldisclosure/2005/Oct/351

https://www.securityfocus.com/archive/1/508048/30/0/threaded

Plugin Details

Severity: Medium

ID: 20012

File Name: typsoftftp_retr0_dos.nasl

Version: 1.28

Type: remote

Family: FTP

Published: 10/14/2005

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Required KB Items: ftp/typsoftftp

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 10/13/2005

Exploitable With

Core Impact

Reference Information

CVE: CVE-2005-3294, CVE-2009-1668, CVE-2009-4105, CVE-2012-5329

BID: 15104, 34901, 37114, 40181, 51891, 52554

CWE: 20