TurboFTP Server < 1.00.720 DoS

This script is Copyright (C) 2010-2011 Tenable Network Security, Inc.


Synopsis :

The remote FTP server is affected by a denial of service
vulnerability.

Description :

According to its banner, the remote host is running a version of
TurboFTP Server earlier than 1.00.720. Such versions are reportedly
affected by a denial of service vulnerability.

By sending an overly long parameter to the 'DELE' FTP command, it may be
possible for an authenticated FTP user to crash the affected service.

See also :

http://www.nessus.org/u?b52591ba
http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0202.html
http://www.tbsoftinc.com/tbserver/turboftp-server-releasenotes.htm

Solution :

Upgrade to TurboFTP Server V1.00.720 or later.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score : 3.1
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 43877

Bugtraq ID: 37726

CVE ID: