WU-FTPD SITE NEWER Command Memory Exhaustion DoS

This script is Copyright (C) 1999-2013 Tenable Network Security, Inc.


Synopsis :

The remote FTP server has a denial of service vulnerability.

Description :

The remote WU-FTPD server accepts the command 'SITE NEWER'.
Some WU-FTPD servers (and probably others) are vulnerable
to a resource exhaustion where an attacker may invoke
this command to use all the memory available on the server.

See also :

http://archives.neohapsis.com/archives/cc/1999-q4/0024.html

Solution :

Make sure that you are running the latest version of your FTP
server. If you are a WU-FTPD user, then make sure that you are
using at least version 2.6.0.

*** This warning may be irrelevant.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:H/RL:U/RC:ND)

Family: FTP

Nessus Plugin ID: 10319 ()

Bugtraq ID: 737

CVE ID: CVE-1999-0880