SurgeFTP LEAK Command Remote DoS

medium Nessus Plugin ID 18000

Synopsis

The remote FTP server is susceptible to a denial of service attack.

Description

The remote host is running a version of SurgeFTP that is prone to a denial of service vulnerability when processing the non-standard LEAK command. Reportedly, an attacker can issue two of these commands without authenticating and cause the FTP daemon process to crash.

Solution

Upgrade to SurgeFTP 2.2m2 or later.

See Also

http://www.security.org.sg/vuln/surgeftp22m1.html

https://seclists.org/bugtraq/2005/Apr/104

Plugin Details

Severity: Medium

ID: 18000

File Name: surgeftp_leak_dos.nasl

Version: 1.16

Type: remote

Family: FTP

Published: 4/8/2005

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 4/7/2005

Reference Information

CVE: CVE-2005-1034

BID: 13054