Multiple FTP Server Command Handling Overflow

critical Nessus Plugin ID 10084


The remote FTP server is susceptible to buffer overflow attacks.


The remote FTP server closes the connection when a command or argument is too long. This is probably due to a buffer overflow and may allow an attacker to execute arbitrary code on the remote host.


Upgrade or replace the FTP server software, or disable the service if it is not needed.

Plugin Details

Severity: Critical

ID: 10084

File Name: ftp_overflow.nasl

Version: 1.86

Type: remote

Family: FTP

Published: 6/22/1999

Updated: 1/16/2024

Supported Sensors: Nessus

Risk Information


Risk Factor: High

Score: 7.3


CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2005-1415


CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

Required KB Items: ftp/login, ftp/password

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/1/1997

Exploitable With

Core Impact

Metasploit (GlobalSCAPE Secure FTP Server Input Overflow)

Reference Information

CVE: CVE-1999-0219, CVE-2000-0870, CVE-2000-0943, CVE-2000-1035, CVE-2000-1194, CVE-2002-0126, CVE-2003-0271, CVE-2005-0634, CVE-2005-1415

BID: 269, 1227, 1675, 1690, 1858, 3884, 7251, 7278, 7307, 12704, 13454