WFTP Out of Sequence RNTO Command Remote DoS

This script is Copyright (C) 2000-2015 Tenable Network Security, Inc.


Synopsis :

The remote FTP server is affected by a denial of service
vulnerability.

Description :

The remote Windows NT FTP (WFTP) server is affected by a denial of
service vulnerability. An authenticated, remote attacker can crash the
FTP server by issuing an out of sequence RENAME TO (RNTO) command.

An attacker may use this flaw to prevent you from publishing content
using FTP.

Solution :

Upgrade to WFTPD version 2.41 RC11.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score : 4.0
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 10466 ()

Bugtraq ID: 1456

CVE ID: CVE-2000-0648