WU-FTPD fileutils/coreutils ls -w Argument Memory Consumption DoS

High Nessus Plugin ID 11912


The remote FTP server is affected by a denial of service vulnerability.


The version of WU-FTPD on the remote server uses a vulnerable version of /bin/ls. It does not filter arguments to /bin/ls, which could lead to a DoS. It is possible to consume all available memory on the machine by sending :

ls '-w 1000000 -C'


Contact your vendor for a fix.

See Also


Plugin Details

Severity: High

ID: 11912

File Name: wuftpd_ls_DoS.nasl

Version: $Revision: 1.20 $

Type: remote

Family: FTP

Published: 2003/10/29

Modified: 2014/12/26

Dependencies: 10092, 10079

Risk Information

Risk Factor: High


Base Score: 7.8

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2003/05/16

Reference Information

CVE: CVE-2003-0853, CVE-2003-0854

BID: 8875

OSVDB: 4620, 4621

Secunia: 10059


zone-h: 3299