TYPSoft FTP Server <= 1.10 Multiple DoS

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote FTP server is affected by multiple denial of service
vulnerabilities.

Description :

The remote host appears to be using TYPSoft FTP Server, a small FTP
server for Windows.

According to its banner, the version of TYPSoft FTP Server installed
on the remote host is 1.10 or earlier. Such versions suffer from
several denial of service vulnerabilities.

A remote attacker, possibly using anonymous access, can cause the
server to stop responding by sending it an 'ABOR' command when no
file transfer is in progress, or can crash it by sending any one of
a number of specially crafted FTP commands.
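
The banner-based version check described above can be reproduced over FTP greetings already collected in an asset inventory. The following is an added example, not the plugin's own code; the banner wording, the function names and the sample greetings are assumptions constructed for illustration.

```python
import re

# Assumption: the product name is followed by a dotted version in the 220
# greeting, e.g. "220 TYPSoft FTP Server 1.10 ready...". The page does not
# quote the banner, so adjust the pattern to what your servers actually send.
BANNER_RE = re.compile(r"TYPSoft FTP Server\s+(\d+(?:\.\d+)*)", re.IGNORECASE)
LAST_FLAGGED = (1, 10)  # from the page: version 1.10 or earlier


def parse_version(banner):
    """Return the banner version as a tuple of ints, or None if absent."""
    match = BANNER_RE.search(banner)
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def classify(banner):
    """Return 'flagged', 'newer' or 'unidentified' for one FTP greeting."""
    version = parse_version(banner)
    if version is None:
        return "unidentified"
    # Compare component-wise: as a float, "1.10" equals 1.1 and would sort
    # below 1.9. Pad so that 1.10 and 1.10.0 compare equal.
    width = max(len(version), len(LAST_FLAGGED))
    padded = version + (0,) * (width - len(version))
    limit = LAST_FLAGGED + (0,) * (width - len(LAST_FLAGGED))
    return "flagged" if padded <= limit else "newer"


# Constructed sample greetings (documentation addresses, not real hosts).
SAMPLE_BANNERS = {
    "192.0.2.10": "220 TYPSoft FTP Server 1.10 ready...",
    "192.0.2.11": "220 TYPSoft FTP Server 1.9 ready...",
    "192.0.2.12": "220 TYPSoft FTP Server 1.11 ready...",
    "192.0.2.13": "220 FTP service ready.",
}

if __name__ == "__main__":
    for host, banner in SAMPLE_BANNERS.items():
        print(host, classify(banner))
```

A banner match is a version claim by the server, not confirmation of its actual state, so treat the result as a lead for follow-up rather than proof.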

See also :

http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0336.html
http://www.securityfocus.com/archive/1/508048/30/0/threaded

Solution :

Remove the affected service or use another product, as TYPSoft is no
longer supported.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 20012

Bugtraq ID: 15104, 34901, 37114, 40181, 51891, 52554

CVE ID: CVE-2005-3294, CVE-2009-1668, CVE-2009-4105, CVE-2012-5329