Multiple Vendor FTP Multiple PASV Command Port Exhaustion DoS

Medium Nessus Plugin ID 10085


The remote FTP server is affected by a remote denial of service vulnerability.


The remote FTP server allows users to make any amount of PASV commands, thus blocking the free ports for legitimate services and consuming file descriptors. An unauthenticated attacker could exploit this flaw to crash the FTP service.


Apply the patches as per the references.

See Also

Plugin Details

Severity: Medium

ID: 10085

File Name: ftp_pasv_dos.nasl

Version: $Revision: 1.35 $

Type: remote

Family: FTP

Published: 1999/06/22

Modified: 2014/05/26

Dependencies: 10079, 10092

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:C

Vulnerability Information

Required KB Items: ftp/login, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1997/07/01

Reference Information

CVE: CVE-1999-0079

BID: 271

OSVDB: 958

Secunia: 14285