ProFTPD STAT Command Remote DoS

high Nessus Plugin ID 10634

Synopsis

The remote FTP server is affected by a denial of service vulnerability.

Description

The remote FTP server is affected by a denial of service vulnerability that is triggered when it receives a specially crafted STAT command.
A remote attacker can exploit this to cause the consumption of all available memory.

Solution

If using ProFTPD, upgrade to version 1.2.2 and modify the configuration file to include:

DenyFilter \*.*/

Otherwise, contact the vendor for a solution.

See Also

https://www.securityfocus.com/archive/1/303007/30/0/threaded

Plugin Details

Severity: High

ID: 10634

File Name: proftpd_exhaust.nasl

Version: 1.42

Type: remote

Family: FTP

Published: 3/16/2001

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/a:proftpd:proftpd

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 12/9/2002

Reference Information

BID: 6341