oftpd PORT Command Remote DoS

Medium | Nessus Plugin ID 12125

Synopsis

The remote host has an application that is affected by a denial of service vulnerability.

Description

The remote FTP server seems to be running oftpd version 0.3.6 or older. A bug in these versions may allow an attacker to disable the service remotely by sending a malformed PORT command.

An attacker may exploit this flaw to make the FTP service on this system unavailable.

Solution

Upgrade to oftpd 0.3.7 or newer.

Plugin Details

Severity: Medium

ID: 12125

File Name: oftpd_dos.nasl

Version: 1.17

Type: remote

Family: FTP

Published: 4/4/2004

Updated: 7/16/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Required KB Items: ftp/login, ftp/wuftpd

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 3/25/2004

Reference Information

CVE: CVE-2004-0376

BID: 9980