WinFTP Server PASV Command Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running WinFTP Server and is prone to Denial of Service Vulnerability.

Impact

Successful exploitation will let the user crash the application to cause denial of service.

Solution

Solution/Patch not available as on 19th December 2008. For updates refer, http://www.wftpserver.com/wftpserver.htm

Insight

The flaw is due to an error when handling the PASV and NLST commands. These can be exploited through sending multiple login request ending with PASV command.

Affected

Win FTP Server version 2.3.0 or prior.

References

http://secunia.com/advisories/32209

Updated on 2017-03-28

Severity

Classification

CVE CVE-2008-5666

CVSS	Base Score: 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P

Related Vulnerabilities

Wireshark IKE Packet Denial of Service Vulnerability (Win)
OpenOffice senddoc Insecure Temporary File Creation Vulnerability (Win)
Cisco VPN Client for Windows 'StartServiceCtrlDispatche' Local Denial of Service Vulnerability
TheGreenBow IPSec VPN Client Denial Of Service Vulnerability
Oracle VM VirtualBox Unspecified Denial of Service Vulnerability (Windows)

WinFTP Server PASV Command Denial of Service Vulnerability

Take action and discover your vulnerabilities