Vulnerabilities > CVE-2008-7265 - Resource Management Errors vulnerability in Proftpd
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2191.NASL description Several vulnerabilities have been discovered in ProFTPD, a versatile, virtual-hosting FTP daemon : - CVE-2008-7265 Incorrect handling of the ABOR command could lead to denial of service through elevated CPU consumption. - CVE-2010-3867 Several directory traversal vulnerabilities have been discovered in the mod_site_misc module. - CVE-2010-4562 A SQL injection vulnerability was discovered in the mod_sql module. last seen 2020-03-17 modified 2011-03-15 plugin id 52660 published 2011-03-15 reporter This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52660 title Debian DSA-2191-1 : proftpd-dfsg - several vulnerabilities NASL family FTP NASL id PROFTPD_1_3_2_RC3.NASL description The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is earlier than 1.3.2rc3 and is affected by a Denial of Service vulnerability via an ABOR command during a data transfer. last seen 2020-06-01 modified 2020-06-02 plugin id 106751 published 2018-02-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106751 title ProFTPD < 1.3.2rc3 ABOR Denial of Service