bftpd Multiple Command Remote Overflow

Critical Nessus Plugin ID 10579


The remote FTP server has a remote buffer overflow vulnerability.


The version of bftpd running on the remote host is vulnerable to a remote buffer overflow attack when issued very long arguments to the SITE CHOWN command. A remote attacker could exploit this issue to crash the FTP server, or possibly execute arbitrary code.


Upgrade to bftpd version 1.0.24 or later.

See Also

Plugin Details

Severity: Critical

ID: 10579

File Name: bftpd_chown.nasl

Version: $Revision: 1.36 $

Type: remote

Family: FTP

Published: 2000/12/16

Modified: 2016/11/15

Dependencies: 18367, 10079, 19782, 10092

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:W/RC:ND

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2000/10/27

Reference Information

CVE: CVE-2001-0065, CVE-2000-0943

BID: 2120

OSVDB: 477, 1620