PlatinumFTPServer username Multiple Connection Handling Remote Format String

Medium Nessus Plugin ID 17321


The remote FTP server is susceptible to a denial of service attack.


The installed version of PlatinumFTPserver on the remote host suffers from a denial of service vulnerability. Specifically, when a user tries to login with a username containing a backslash, '\', the application displays a dialog box and stops the login process until an administrator acknowledges a message. After several such connection attempts, the ftp server daemon reportedly crashes.


Unknown at this time.

See Also

Plugin Details

Severity: Medium

ID: 17321

File Name: platinum_ftp_malformed_username_dos.nasl

Version: $Revision: 1.15 $

Type: remote

Family: FTP

Published: 2005/03/14

Modified: 2011/03/11

Dependencies: 10092

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:H/RL:U/RC:C

Vulnerability Information

Excluded KB Items: ftp/msftpd, ftp/ncftpd, ftp/fw1ftpd, ftp/vxftpd

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2003/12/24

Reference Information

CVE: CVE-2005-0779

BID: 12790

OSVDB: 3217