vsftpd vsf_filename_passes_filter Function Denial of Service

medium Nessus Plugin ID 52704


The remote FTP server is prone to a denial of service attack.


According to its self-reported version number, the instance of vsftpd listening on the remote server is earlier than 2.3.3 and, as such, may be affected by a denial of service vulnerability.

An error exists in the function 'vsf_filename_passes_filter()' in 'ls.c' that allows resource intensive glob expressions to be processed with the 'STAT' command. Using numerous IP addresses to bypass an FTP-sessions-per-IP-address limit, a remote attacker can carry out a denial of service attack.

Note that Nessus did not actually test for the flaw but instead has relied on the version in vsftpd's banner.


Update to vsftpd 2.3.4 or later. [While version 2.3.3 actually addresses this issue, 2.3.4 was released the same day to address a problem compiling the earlier version.]

See Also




Plugin Details

Severity: Medium

ID: 52704

File Name: vsftpd_2_3_3.nasl

Version: 1.9

Type: remote

Family: FTP

Published: 3/17/2011

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 4.4


Risk Factor: Medium

Base Score: 4

Temporal Score: 3.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport, ftp/vsftpd

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/15/2011

Vulnerability Publication Date: 3/1/2011

Reference Information

CVE: CVE-2011-0762

BID: 46617