Multiple Vendor FTP Multiple PASV Command Port Exhaustion DoS

This script is Copyright (C) 1999-2014 Tenable Network Security, Inc.


Synopsis :

The remote FTP server is affected by a remote denial of service
vulnerability.

Description :

The remote FTP server allows users to make any amount of PASV
commands, thus blocking the free ports for legitimate services and
consuming file descriptors. An unauthenticated attacker could exploit
this flaw to crash the FTP service.

See also :

http://www.nessus.org/u?c20a7602

Solution :

Apply the patches as per the references.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:U/RC:C)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 10085 (ftp_pasv_dos.nasl)

Bugtraq ID: 271

CVE ID: CVE-1999-0079