Multiple Vendor FTPD on Windows Floppy Request CPU Consumption DoS

Medium severity, Nessus Plugin ID 10822

Synopsis

The remote FTP server may be vulnerable to a denial of service.

Description

A remote user can cause a denial of service on a host running Serv-U FTP Server, G6 FTP Server or WarFTPd Server. Repeatedly submitting an 'a:/' GET or RETR request, appended with arbitrary data, causes CPU usage to spike to 100%.

Nessus identified the remote server as running version 1.71 of WarFTPd.

Solution

Upgrade to the latest version of WarFTPd or contact your FTP vendor for details.

Plugin Details

Severity: Medium

ID: 10822

File Name: multiple_ftpd_dos.nasl

Version: 1.20

Type: remote

Family: FTP

Published: 12/6/2001

Updated: 8/22/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2/17/2001

Reference Information

BID: 2698