WS_FTP Server SITE CPWD Command Remote Overflow

high Nessus Plugin ID 11098

Synopsis

Arbitrary code can be run on the remote FTP server.

Description

This host is running a version of WS_FTP FTP server prior to 3.1.2. Versions earlier than 3.1.2 contain an unchecked buffer in routines that handle the 'CPWD' command arguments. The 'CPWD' command allows remote users to change their password. By issuing a malformed argument to the CPWD command, a user could overflow a buffer and execute arbitrary code on this host. Note that a local user account is required.

Solution

The vendor has released a patch that fixes this issue. Please install the latest patch available from the vendor's website at http://www.ipswitch.com/support/.

Plugin Details

Severity: High

ID: 11098

File Name: DDI_ws_ftp-server-cpwd-bo.nasl

Version: 1.20

Type: remote

Family: FTP

Published: 8/21/2002

Updated: 6/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 8/8/2002

Reference Information

CVE: CVE-2002-0826

BID: 5427

Detections

Analytics