PlatinumFTPServer username Multiple Connection Handling Remote Format String

medium Nessus Plugin ID 17321

Synopsis

The remote FTP server is susceptible to a denial of service attack.

Description

The installed version of PlatinumFTPserver on the remote host suffers from a denial of service vulnerability. Specifically, when a user tries to log in with a username containing a backslash ('\'), the application displays a dialog box and stops the login process until an administrator acknowledges the message. After several such connection attempts, the FTP server daemon reportedly crashes.

Solution

Unknown at this time.

See Also

https://www.securityfocus.com/archive/1/393038

Plugin Details

Severity: Medium

ID: 17321

File Name: platinum_ftp_malformed_username_dos.nasl

Version: 1.17

Type: remote

Family: FTP

Published: 3/14/2005

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Excluded KB Items: ftp/ncftpd, ftp/msftpd, ftp/fw1ftpd, ftp/vxftpd

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 12/24/2003

Reference Information

CVE: CVE-2005-0779

BID: 12790