WU-FTPD QUOTE PASV Forced Core Dump Information Disclosure

Medium Nessus Plugin ID 10086


The remote FTP server is affected by an information disclosure vulnerability.


The remote FTP server fails to handle QUOTE PASV requests for logged in users. An attacker can send a specially crafted requests to cause the service to die and dump core. The core file contains the usernames and passwords of all users.


Upgrade your FTP server to the latest version.

See Also


Plugin Details

Severity: Medium

ID: 10086

File Name: ftp_pasv_on_connect.nasl

Version: $Revision: 1.35 $

Type: remote

Family: FTP

Published: 1999/06/22

Modified: 2013/01/25

Dependencies: 10092

Risk Information

Risk Factor: Medium


Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Information

Vulnerability Publication Date: 1996/10/14

Reference Information

CVE: CVE-1999-0075

OSVDB: 5742