WU-FTPD SITE NEWER Command Memory Exhaustion DoS

Medium Nessus Plugin ID 10319


The remote FTP server has a denial of service vulnerability.


The remote WU-FTPD server accepts the command 'SITE NEWER'.
Some WU-FTPD servers (and probably others) are vulnerable to a resource exhaustion where an attacker may invoke this command to use all the memory available on the server.


Make sure that you are running the latest version of your FTP server. If you are a WU-FTPD user, then make sure that you are using at least version 2.6.0.

*** This warning may be irrelevant.

See Also


Plugin Details

Severity: Medium

ID: 10319

File Name: wu_ftpd_site_newer.nasl

Version: $Revision: 1.40 $

Type: remote

Family: FTP

Published: 1999/10/29

Modified: 2016/11/15

Dependencies: 10079, 10092

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

Required KB Items: ftp/login, ftp/wuftpd, Settings/ParanoidReport

Vulnerability Publication Date: 1999/10/19

Reference Information

CVE: CVE-1999-0880

BID: 737

OSVDB: 249