Strike ID:
E19-7t3d1
CVSS:
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
False Positive:
t
Variants:
1
Year:
2019

Description

A logic error exists in ProFTPD 1.3.6rc2, resulting in infinite loops getting triggered by commands with 4100 or more characters. An unauthenticated, remote attacker can exploit this vulnerability by sending an excessively long command to the target server. Successful exploitation causes an infinite loop leading to full CPU usage.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}