WS_FTP Server STAT Command Remote Overflow

Critical Nessus Plugin ID 14585


The remote FTP server has a buffer overflow vulnerability.


According to its banner, the version of WS_FTP running on the remote host has a buffer overflow vulnerability. Sending a 'STAT' command followed by a very long argument results in a buffer overflow. A remote attacker could exploit this to execute arbitrary code.


Upgrade to the latest version of WS_FTP.

Plugin Details

Severity: Critical

ID: 14585

File Name: wsftp_stat_buf_overflow.nasl

Version: 1.17

Type: remote

Family: FTP

Published: 2004/08/31

Modified: 2011/11/28

Dependencies: 10092, 10079

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

BID: 3507

OSVDB: 51703