| VID |
16131 |
| Severity |
40 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The remote host is running a version of WS_FTP earlier than 6.1.1. Such versions are reportedly affected by multiple vulnerabilities:
- Improper handling of UDP packets within the FTP log server may allow an attacker to crash the affected service. (CVE-2008-0608)
- There is a buffer overflow vulnerability in the SSH Server service that can be triggered when handling arguments to the 'opendir' command. (CVE-2008-0590)
- An attacker can exploit a vulnerability in the 'FTPLogServer/LogViewer.asp' script to gain access to the log viewing interface. (CVE-2008-5692)
* References:
  http://www.ipswitchft.com/support/ws_ftp_server/releases/wr611.asp
  http://www.securityfocus.com/archive/1/487506/30/0/threaded
  http://www.securityfocus.com/archive/1/487441/30/0/threaded
* Platforms Affected: WS_FTP Server 6. |
| Recommendation |
Upgrade to WS_FTP Server 6.1.1 or later |
| Related URL |
CVE-2008-0590, CVE-2008-0608, CVE-2008-5692, CVE-2008-5693 (CVE) |
| Related URL |
27573, 27612, 27654 (SecurityFocus) |
| Related URL |
(ISS) |
|