vsftpd vsf_filename_passes_filter Function Denial of Service

Medium Nessus Plugin ID 52704


The remote FTP server is prone to a denial of service attack.


According to its self-reported version number, the instance of vsftpd listening on the remote server is earlier than 2.3.3 and, as such, may be affected by a denial of service vulnerability.

An error exists in the function 'vsf_filename_passes_filter()' in 'ls.c' that allows resource intensive glob expressions to be processed with the 'STAT' command. Using numerous IP addresses to bypass an FTP-sessions-per-IP-address limit, a remote attacker can carry out a denial of service attack.

Note that Nessus did not actually test for the flaw but instead has relied on the version in vsftpd's banner.


Update to vsftpd 2.3.4 or later. [While version 2.3.3 actually addresses this issue, 2.3.4 was released the same day to address a problem compiling the earlier version.]

See Also




Plugin Details

Severity: Medium

ID: 52704

File Name: vsftpd_2_3_3.nasl

Version: $Revision: 1.7 $

Type: remote

Family: FTP

Published: 2011/03/17

Modified: 2016/05/19

Dependencies: 52703

Risk Information

Risk Factor: Medium


Base Score: 4

Temporal Score: 3.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

Required KB Items: ftp/vsftpd, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/02/15

Vulnerability Publication Date: 2011/03/01

Reference Information

CVE: CVE-2011-0762

BID: 46617

OSVDB: 73340

EDB-ID: 16270