Multiple FTP Server setproctitle Function Arbitrary Command Execution

Medium Nessus Plugin ID 11391


The remote FTP server is susceptible to a remote command execution attack.


The remote FTP server misuses the setproctitle() function and may allow an attacker to gain a root shell on this host by logging in as 'anonymous' and supplying a carefully crafted format string as the email address.


Install the latest patches from your vendor.

Plugin Details

Severity: Medium

ID: 11391

File Name: ftp_setproctitle.nasl

Version: $Revision: 1.23 $

Type: remote

Family: FTP

Published: 2003/03/15

Modified: 2015/12/23

Dependencies: 10092, 10079

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

Required KB Items: ftp/anonymous, Settings/ParanoidReport

Excluded KB Items: global_settings/supplied_logins_only

Vulnerability Publication Date: 2000/07/05

Reference Information

CVE: CVE-2000-0574

BID: 1425, 1438

OSVDB: 7541