VID: 22276
Severity: 40
Port: 21,80, ...
Protocol: TCP
Class: WWW
Detailed Description:
The 4D WebSTAR server, according to its banner, has a Remote FTP Buffer Overflow Vulnerability.
4D WebSTAR Server is a software product that provides Web, FTP, and Mail services for Mac OS X. 4D WebSTAR 5.3.2 and earlier are vulnerable to a stack-based buffer overflow in the FTP service because the application fails to properly verify buffer boundaries when storing user-supplied input in internal, static buffers. By sending a long FTP command, a remote attacker could overflow a buffer and possibly execute arbitrary code on the system with the privileges of the WebSTAR user and group id 'wheel'.

* Note: This check relies solely on the banner of the remote 4D WebSTAR server and on whether the FTP service is running to assess this vulnerability, so the result might be a false positive.

* References:
http://www.securityfocus.com/archive/1/368778

* Platforms Affected:
4D WebSTAR V 5.3.2 and earlier
Apple Mac OS 10.3.3 and earlier
Recommendation:
Upgrade to the latest version of 4D WebSTAR Server (5.3.3 or later), available from the WebSTAR FTP site at ftp://ftp.4d.com/products/WebSTAR/Current/4D_WebSTAR_V/
Related URL: CVE-2004-0695 (CVE)
Related URL: 10720 (SecurityFocus)
Related URL: 16686 (ISS)