WS_FTP Server STAT Command Remote Overflow

Nessus Plugin ID 14585 (Critical)

Synopsis

The remote FTP server has a buffer overflow vulnerability.

Description

According to its banner, the version of WS_FTP running on the remote host has a buffer overflow vulnerability. Sending a 'STAT' command followed by a very long argument results in a buffer overflow. A remote attacker could exploit this to execute arbitrary code.

Solution

Upgrade to the latest version of WS_FTP.

Plugin Details

Severity: Critical

ID: 14585

File Name: wsftp_stat_buf_overflow.nasl

Version: 1.19

Type: remote

Family: FTP

Published: 8/31/2004

Updated: 8/8/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

BID: 3507