WFTPD 2.41 rc11 Unauthenticated MLST Command Remote DoS

This script is Copyright (C) 2000-2015 Tenable Network Security, Inc.


Synopsis :

The remote server is vulnerable to a denial of service.

Description :

The remote FTP server crashes when the command 'MLST a' is issued right
after connecting to it.

An attacker may use this flaw to prevent you from publishing anything
using FTP.

Solution :

If you are using wftp, then upgrade to version 2.41 RC12, if you are
not, then contact your vendor for a fix.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 10487 ()

Bugtraq ID: 1506

CVE ID: CVE-2000-0647
CVE-2000-0647

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial