ProFTPD STAT Command Remote DoS

High Nessus Plugin ID 10634


The remote FTP server is affected by a denial of service vulnerability.


The remote FTP server is affected by a denial of service vulnerability that is triggered when it receives a specially crafted STAT command.
A remote attacker can exploit this to cause the consumption of all available memory.


If using ProFTPD, upgrade to version 1.2.2 and modify the configuration file to include:

DenyFilter \*.*/

Otherwise, contact the vendor for a solution.

Plugin Details

Severity: High

ID: 10634

File Name: proftpd_exhaust.nasl

Version: $Revision: 1.39 $

Type: remote

Family: FTP

Published: 2001/03/16

Modified: 2016/02/01

Dependencies: 10079, 10092

Risk Information

Risk Factor: High


Base Score: 7.1

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:H/RL:W/RC:ND

Vulnerability Information

CPE: cpe:/a:proftpd:proftpd

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2002/12/09

Reference Information

BID: 6341

OSVDB: 10768