Detections
Analytics
freeFTPd Multiple Command Malformed Argument Remote DoS
medium Nessus Plugin ID 20247
Language:
Synopsis
The remote FTP server is prone by to denial of service attacks.Description
The remote host appears to be using freeFTPd, a free FTP / FTPS / SFTP server for Windows.The version of freeFTPd installed on the remote host crashes if it receives a PORT command with a port number from an authenticated user. In addition, the application reportedly will freeze for a period of time if it receives a PASV command with user-supplied data.
Solution
Unknown at this time.See Also
https://www.securityfocus.com/archive/1/417602/30/0/threaded
Plugin Details
Severity: Medium
ID: 20247
File Name: freeftpd_port_dos.nasl
Version: 1.22
Type: remote
Family: FTP
Published: 11/29/2005
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C
Vulnerability Information
CPE: cpe:/a:freeftpd:freeftpd
Required KB Items: ftp/login, ftp/password
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 11/24/2005
Reference Information
CVE: CVE-2005-3812
BID: 15557