EFTP .lnk File Upload Overflow DoS

Nessus Network Monitor Plugin ID 1833 (critical)

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

It was possible to crash the EFTP service by uploading a *.lnk file containing too much data. An attacker may use this to crash the service repeatedly or to run arbitrary code on your system.

Solution

No solution is known at this time.

See Also

http://archives.neohapsis.com/archives/bugtraq/2001-09/0100.html

Plugin Details

Severity: Critical

ID: 1833

Family: FTP Servers

Published: 8/20/2004

Updated: 3/6/2019

Nessus ID: 10928

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:khamil_landross_and_zack_jones:eftp

Reference Information

CVE: CVE-2001-1112

BID: 3330