|
Family: FTP --> Category: mixed
MS FTPd DoS Vulnerability Scan
Vulnerability Scan Summary Checks if the remote ftp can be crashed
Detailed Explanation for this Vulnerability Test
It was possible to make the remote FTP server crash
by sending the command 'STAT *?AAAAA....AAAAA'
There is a bug in certain versions of Microsoft FTP server
which can be exploited in this fashion. In addition, other
FTP servers may react adversely to such a string.
A possible hacker may use this flaw to prevent your FTP server
from working properly
Solution : see http://www.microsoft.com/technet/security/bulletin/ms02-018.mspx
CAVEAT: If your FTP server is not a Microsoft product, then contact your FTP
vendor for a patch.
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|