Crob FTP Server user Field Remote Format String

Critical Nessus Plugin ID 11687


The remote FTP server has a format string vulnerability.


The version of Crob FTP server running on the remote host has a format string vulnerability when processing the USER command. A remote attacker could exploit this to crash the service, or possibly execute arbitrary code.


Upgrade to Crob FTP server 2.50.10 or later.

See Also

Plugin Details

Severity: Critical

ID: 11687

File Name: crobftp_format_string.nasl

Version: $Revision: 1.14 $

Type: remote

Family: FTP

Published: 2003/06/02

Modified: 2011/03/11

Dependencies: 10079, 10092

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Required KB Items: ftp/login

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2003/06/02

Reference Information

BID: 7776

OSVDB: 4640

Secunia: 8929