| VID |
16030 |
| Severity |
40 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
WS_FTP Server versions prior to 3.1.2 are vulnerable to a buffer overflow.
Ipswitch WS_FTP Server is an FTP server for Microsoft Windows platforms. WS_FTP Server version 3.1.1 and possibly other versions have a remote buffer overflow vulnerability in the CPWD command, which is used to modify an authenticated user's password. The vulnerability is caused by improper bounds checking of the CPWD command. By sending an oversized parameter to the CPWD command, a remote attacker can overflow a buffer and corrupt process memory, possibly leading to the execution of arbitrary code on the server with SYSTEM privileges.
* Note: A full assessment of this vulnerability requires a local user account, but this check item relies solely on the version information in the banner.
* References: http://online.securityfocus.com/bid/5427 http://www.iss.net/security_center/static/9794.php |
| Recommendation |
Install the latest patch available from the Ipswitch website at http://www.ipswitch.com/support/.
-- OR --
Upgrade to the latest version of WS_FTP Server (3.1.2 or later), available from the Ipswitch FTP site at ftp://ftp.ipswitch.com/ipswitch/product_support/WS_FTP_Server/ifs312.exe |
| Related URL |
CVE-2002-0826 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|