VID | 16119 |
Severity | 30 |
Port | 21 |
Protocol | TCP |
Class | FTP |
Detailed Description |
A version of SlimFTPd FTP server which is older than 3.18 has been installed on the host. SlimFTPd is a free, small FTP server for Microsoft Windows platforms. SlimFTPd version 3.17 and earlier versions are vulnerable to a denial of service attack. By sending 'user' and 'pass' commands that are each 40 bytes long, a remote attacker could cause a denial of service.
* Note: This check relies solely on the banner of the remote FTP server to assess this vulnerability, so the result might be a false positive.
* References: http://www.critical.lt/?vulnerabilities/8 and http://www.sans.org/newsletters/risk/display.php?v=4&i=36
* Platforms Affected: WhitSoft Development: SlimFTPd version 3.17 and earlier versions; Microsoft Windows: Any version |
Recommendation |
Upgrade to the latest version of SlimFTPd (3.18 or later), available from the SlimFTPd Web page at http://www.whitsoftdev.com/slimftpd/ |
Related URL | CVE-2005-2850 (CVE) |
Related URL | 14723 (SecurityFocus) |
Related URL | 22254 (ISS) |