WS_FTP < 3.1.2 SITE CPWD Buffer Overflow
High Nessus Network Monitor Plugin ID 1832
SynopsisThe remote host is vulnerable to a buffer overflow.
DescriptionThis host is running a version of WS_FTP FTP server prior to 3.1.2. Versions earlier than 3.1.2 contain an unchecked buffer in routines that handle the 'CPWD' command arguments. The 'CPWD' command allows remote users to change their password. By issuing a malformed argument to the CPWD command, a user could overflow a buffer and execute arbitrary code on this host. Note that a local user account is required.
SolutionUpgrade to version 3.1.2 or higher.