Dragon FTP USER Command Remote Overflow

Nessus Plugin ID 10450 (Severity: Critical)


Synopsis

The remote FTP server has a remote buffer overflow vulnerability.


Description

It was possible to crash the remote FTP server by issuing a USER command followed by a very long argument (over 16,000 characters).
This is likely due to a remote buffer overflow vulnerability. A remote attacker could exploit this to crash the server, or possibly execute arbitrary code.


Solution

Upgrade to the latest version of your FTP server.

Plugin Details

Severity: Critical

ID: 10450

File Name: dragon_ftp.nasl

Version: $Revision: 1.24 $

Type: remote

Family: FTP

Published: 2000/06/27

Modified: 2011/03/11

Dependencies: 10079, 10092, 17975

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2000/06/16

Reference Information

CVE: CVE-2000-0479

BID: 1352

OSVDB: 349