Windows 98 FTP MS/DOS Device Name Request DoS

Severity: High. Nessus Plugin ID 10929

Synopsis

The remote Windows host is affected by a denial of service vulnerability.

Description

It was possible to freeze or reboot Windows by reading an MS/DOS device through FTP, using a file name like CON\CON, AUX.htm, or AUX.

An attacker may use this flaw to continuously crash the affected host, preventing users from working properly.

Solution

Apply the patch from the reference listed under See Also.

See Also

http://www.nessus.org/u?ee2e4e40

Plugin Details

Severity: High

ID: 10929

File Name: ftp_w98_devname_dos.nasl

Version: 1.32

Type: remote

Family: FTP

Published: 3/29/2002

Updated: 1/16/2024

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on an in-depth analysis by Tenable.

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

Required KB Items: ftp/login, Host/Win9x