This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote FTP server is prone to a denial of service attack.
According to its self-reported version number, the instance of vsftpd
listening on the remote server is earlier than 2.3.3 and, as such, may
be affected by a denial of service vulnerability.
An error exists in the function 'vsf_filename_passes_filter()' in
'ls.c' that allows resource-intensive glob expressions to be processed
with the 'STAT' command. By using numerous IP addresses to bypass an
FTP-sessions-per-IP-address limit, a remote attacker can carry out a
denial of service attack.
Note that Nessus did not actually test for the flaw but instead has
relied on the version in vsftpd's banner.
Update to vsftpd 2.3.4 or later. [While version 2.3.3 actually
addresses this issue, 2.3.4 was released the same day to address a
problem compiling the earlier version.]
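The banner-only check noted above can be reproduced offline when triaging collected FTP greetings. The Python below is an added example, not Tenable's plugin code; it assumes vsftpd's default greeting form "220 (vsFTPd x.y.z)", and the function names and sample banners are constructed for illustration.

```python
import re

# Versions below this are treated as affected (threshold from the advisory text).
FIXED = (2, 3, 3)
# Assumed default greeting form: "220 (vsFTPd 2.3.2)".
BANNER_RE = re.compile(r"^220[ -].*?\(vsFTPd (\d+(?:\.\d+)*)\)", re.IGNORECASE)


def parse_version(banner):
    """Return the version tuple from a vsftpd greeting, or None if absent."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def classify(banner):
    """Classify one greeting as 'affected', 'not-affected' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        # Custom ftpd_banner text or a different FTP daemon: the banner
        # cannot decide, so check the installed package on the host instead.
        return "unknown"
    # Pad so "2.3" compares as 2.3.0; integer tuples keep 2.10 above 2.3.
    padded = version + (0,) * (len(FIXED) - len(version))
    # A distribution may backport the fix without changing the banner, so
    # 'affected' means "verify on the host", not "confirmed vulnerable".
    return "affected" if padded < FIXED else "not-affected"


def triage(banners):
    """Map each host to its verdict for a dict of host -> greeting line."""
    return {host: classify(line) for host, line in banners.items()}


# Constructed sample greetings (documentation address range).
SAMPLES = {
    "192.0.2.10": "220 (vsFTPd 2.3.2)",
    "192.0.2.11": "220 (vsFTPd 2.3.4)",
    "192.0.2.12": "220 Welcome to the file server.",
    "192.0.2.13": "220 (vsFTPd 2.10.0)",
}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLES).items()):
        print(host, verdict)
```
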
Risk factor :
Medium / CVSS Base Score : 4.0
CVSS Temporal Score : 3.3
Public Exploit Available : true
Nessus Plugin ID: 52704
Bugtraq ID: 46617
CVE ID: CVE-2011-0762