Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 1999-2018 Tenable Network Security, Inc.FTP_PASV_ON_CONNECT.NASL
HistoryJun 22, 1999 - 12:00 a.m.

WU-FTPD QUOTE PASV Forced Core Dump Information Disclosure

1999-06-2200:00:00
This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
www.tenable.com
60
JSON

The remote FTP server fails to handle QUOTE PASV requests for logged in users. An attacker can send a specially crafted requests to cause the service to die and dump core. The core file contains the usernames and passwords of all users.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
 script_id(10086);
 script_version ("1.37");
 script_cve_id("CVE-1999-0075");

 script_name(english:"WU-FTPD QUOTE PASV Forced Core Dump Information Disclosure");
 script_summary(english:"Issues a PASV command on connecting");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote FTP server is affected by an information disclosure
vulnerability." );
 script_set_attribute(attribute:"description", value:
"The remote FTP server fails to handle QUOTE PASV requests for logged
in users. An attacker can send a specially crafted requests to cause
the service to die and dump core. The core file contains the usernames
and passwords of all users." );
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b7814f27" );
 script_set_attribute(attribute:"solution", value:
"Upgrade your FTP server to the latest version." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");

 script_set_attribute(attribute:"plugin_publication_date", value: "1999/06/22");
 script_set_attribute(attribute:"vuln_publication_date", value: "1996/10/14");
 script_cvs_date("Date: 2018/11/15 20:50:22");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 
 script_category(ACT_ATTACK);
 
 script_copyright(english:"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.");
 script_family(english:"FTP");
	       
 script_dependencie("ftpserver_detect_type_nd_version.nasl");
 script_require_ports("Services/ftp", 21);
 exit(0);
}

#
# The script code starts here
#

include("ftp_func.inc");
include("global_settings.inc");


port = get_ftp_port(default: 21);

banner = get_ftp_banner(port:port);
if (!banner) exit(1);
 
 # False positive in WinGate and FireWall 1
 if("WinGate Engine" >< banner)exit(0);
 if("Check Point FireWall-1" >< banner)exit(0);
 if("vsftp" >< banner) exit(0);
 
 if ( report_paranoia < 2 && "SunOS" >!< banner  ) exit(0);


soc = open_sock_tcp(port);
if (! soc) exit(1);

h = ftp_recv_line(socket:soc);
if (!h) exit(1);

if(egrep(pattern:"^220.*", string:h))
{
  send(socket:soc, data:'HELP\r\n');
  c = ftp_recv_line(socket:soc);
  if ( ! c ) exit(0);

  send(socket:soc, data: 'PASV\r\n');
  c = ftp_recv_line(socket:soc);
  if(!c)security_warning(port);
}
close(soc);

Related

cvelist 1
cve 1
cvelist
cvelist
CVE-1999-0075
1999-09-29 04:00:00
cve
cve
CVE-1999-0075
1996-10-16 04:00:00
JSON
Related for FTP_PASV_ON_CONNECT.NASL
cvelist1cve1