| VID | 16083 |
| Severity | 30 |
| Port | 21 |
| Protocol | TCP |
| Class | FTP |
| Detailed Description | According to its version number, the remote WS_FTP Server is affected by a denial-of-service vulnerability in the CWD command. WS_FTP Server, developed by Ipswitch, is an FTP server for Microsoft Windows platforms. WS_FTP Server versions 1.0.1E and 1.0.2E are vulnerable to a denial-of-service attack caused by insufficient boundary checks on overly long arguments to the 'CWD' command. A remote authenticated attacker could send a CWD command with more than 876 characters and cause the FTP service to crash. Note: This check relies solely on the version number of the remote WS_FTP Server to assess this vulnerability, so the finding might be a false positive. References: http://www.eeye.com/html/Research/Advisories/AD19990202.html, http://www.osvdb.org/displayvuln.php?osvdb_id=937. Platforms Affected: Ipswitch, Inc., WS_FTP Server 1.0.1 EVAL; Ipswitch, Inc., WS_FTP Server 1.0.2 EVAL; Microsoft Windows, any version. |
| Recommendation | Upgrade to the latest version of WS_FTP Server (5.02 or later), available from the Ipswitch WS_FTP Server "Patches & Upgrades" site at http://www.ipswitch.com/support/WS_FTP-Server/patch-upgrades.html |
| Related URL | CVE-1999-0362 (CVE) |
| Related URL | 217 (SecurityFocus) |
| Related URL | 1694 (ISS) |