| VID |
16008 |
| Severity |
40 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
According to its version number, the remote WS_FTP Server is affected by a buffer overflow vulnerability in the STAT command. WS_FTP Server, developed by Ipswitch, is an FTP server for Microsoft Windows platforms. WS_FTP Server versions 2.0.3 and earlier are vulnerable to a buffer overflow caused by improper bounds checking of the STAT command. By submitting a 'STAT' command along with arbitrary characters (approx. 479 bytes) to the server, a remote attacker could overflow a buffer and overwrite stack variables to execute arbitrary code on the system with system-level privileges.
* Note: This check relies solely on the version number of the remote WS_FTP Server to assess this vulnerability, so the finding may be a false positive.
* References: http://www.kb.cert.org/vuls/id/986843
* Platforms Affected: Ipswitch, Inc. WS_FTP Server 2.0.3 and earlier; Microsoft Windows, any version |
| Recommendation |
Upgrade to the latest version of WS_FTP Server (2.0.4 or later), available from the Ipswitch WS_FTP Server "Patches & Upgrades" site at http://www.ipswitch.com/support/WS_FTP-Server/patch-upgrades.html |
| Related URL |
(CVE) |
| Related URL |
3507 (SecurityFocus) |
| Related URL |
7472 (ISS) |
|