SlimFTPd Username/Password Overflow Remote DoS

medium Nessus Plugin ID 19588

Synopsis

The remote FTP server is prone to a denial of service attack.

Description

The remote host appears to be using SlimFTPd, a free, small, standards-compliant FTP server for Windows.

The installed version of SlimFTPd on the remote host suffers from a denial of service vulnerability. By sending 'user' and 'pass' commands that are each 40 bytes long, an attacker will crash the service after a short period of time.

Solution

Unknown at this time.

See Also

http://www.critical.lt/?vuln/8

Plugin Details

Severity: Medium

ID: 19588

File Name: slimftpd_dos.nasl

Version: 1.14

Type: remote

Family: FTP

Published: 9/6/2005

Updated: 7/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 8/31/2005

Reference Information

CVE: CVE-2005-2850

BID: 14723