This script is Copyright (C) 1999-2014 Tenable Network Security, Inc.
The remote FTP server is affected by a buffer overflow vulnerability.
It was possible to crash the remote FTP server by issuing a specially
crafted command, such as 'NLST aaaXXXX%u%[...]%u%u%u%%u%653300u%n'
where 'XXXX' is replaced with four characters - ASCII values 0xDC,
0x4F, 0x07 and 0x08. This issue is known to affect ProFTPD version
1.2.0pre6, although other FTP servers may be affected as well.
It is likely that a remote attacker can leverage this issue to execute
arbitrary code on the remote host, subject to the privileges under
which the service runs.
If running ProFTPD, upgrade to version 1.2.0pre7 or later. Otherwise,
contact the vendor to see if an update exists.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : true
Nessus Plugin ID: 10191
Bugtraq ID: 612
CVE ID: CVE-1999-0911