EFTP .lnk File Upload Overflow DoS

Critical Nessus Network Monitor Plugin ID 1833

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

It was possible to crash the EFTP service by uploading a *.lnk file containing too much data. An attacker may use this to make this service crash continuously or run arbitrary code on your system.

Solution

No solution is known at this time.

See Also

http://archives.neohapsis.com/archives/bugtraq/2001-09/0100.html

Plugin Details

Severity: Critical

ID: 1833

Family: FTP Servers

Published: 2004/08/20

Modified: 2016/01/19

Dependencies: 1803, 1804, 3222

Nessus ID: 10928

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2001-1112

BID: 3330