WU-FTPD SITE NEWER Command Memory Exhaustion DoS

This script is Copyright (C) 1999-2013 Tenable Network Security, Inc.

Synopsis :

The remote FTP server has a denial of service vulnerability.

Description :

The remote WU-FTPD server accepts the command 'SITE NEWER'.
Some WU-FTPD servers (and probably others) are vulnerable
to a resource exhaustion where an attacker may invoke
this command to use all the memory available on the server.

See also :


Solution :

Make sure that you are running the latest version of your FTP
server. If you are a WU-FTPD user, then make sure that you are
using at least version 2.6.0.

*** This warning may be irrelevant.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 5.0

Family: FTP

Nessus Plugin ID: 10319 ()

Bugtraq ID: 737

CVE ID: CVE-1999-0880