WU-FTPD QUOTE PASV Forced Core Dump Information Disclosure

medium Nessus Plugin ID 10086

Synopsis

The remote FTP server is affected by an information disclosure vulnerability.

Description

The remote FTP server fails to handle QUOTE PASV requests for logged-in users. An attacker can send a specially crafted request to cause the service to die and dump core. The core file contains the usernames and passwords of all users.

Solution

Upgrade your FTP server to the latest version.

See Also

http://www.nessus.org/u?b7814f27

Plugin Details

Severity: Medium

ID: 10086

File Name: ftp_pasv_on_connect.nasl

Version: 1.37

Type: remote

Family: FTP

Published: 6/22/1999

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Information

Vulnerability Publication Date: 10/14/1996

Reference Information

CVE: CVE-1999-0075