freeFTPd Multiple Command Malformed Argument Remote DoS

Medium Nessus Plugin ID 20247


The remote FTP server is prone to denial of service attacks.


The remote host appears to be using freeFTPd, a free FTP / FTPS / SFTP server for Windows.

The version of freeFTPd installed on the remote host crashes if it receives a PORT command with a port number from an authenticated user. In addition, the application reportedly will freeze for a period of time if it receives a PASV command with user-supplied data.


Unknown at this time.

Plugin Details

Severity: Medium

ID: 20247

File Name: freeftpd_port_dos.nasl

Version: $Revision: 1.20 $

Type: remote

Family: FTP

Published: 2005/11/29

Modified: 2016/11/01

Dependencies: 10092

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:ND/RC:ND

Vulnerability Information

CPE: cpe:/a:freeftpd:freeftpd

Required KB Items: ftp/login, ftp/password

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2005/11/24

Reference Information

CVE: CVE-2005-3812

BID: 15557

OSVDB: 21108