WS_FTP Server < 5.04 Multiple Vulnerabilities (2)

Critical Nessus Network Monitor Plugin ID 2436

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

This host is running a vulnerable version of WS_FTP Server. Versions up to and including 5.03 are reported prone to multiple buffer overflows that may be used by an attacker to execute arbitary code on the remote system.

Solution

Upgrade to version 5.04 or higher.

Plugin Details

Severity: Critical

ID: 2436

Family: FTP Servers

Published: 2004/11/30

Modified: 2018/07/11

Dependencies: 1803, 1804

Nessus ID: 15857

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ipswitch:ws_ftp_server

Exploitable With

Metasploit (WS-FTP Server 5.03 MKD Overflow)

Reference Information

CVE: CVE-2004-1135

BID: 11772