WS_FTP Server < 6.1.1 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 4361
SynopsisThe remote host is vulnerable to multiple attack vectors.
DescriptionThis host is running a vulnerable version of WS_FTP FTP server. Versions up to and including 6.1.0 are reported prone to multiple flaws:
- A vulnerability caused by an improper handling of UDP packets within the FTP log server. An attacker can exploit this to crash the affected service. (CVE-2008-0608)
- A buffer overflow vulnerability in the SSH server service when handling arguments to the 'opendir' command. (CVE-2008-0590)
- An information disclosure vulnerability when processing HTTP requests for the 'FTPLogServer/LogViewer.asp' script. An attacker can exploit this to gain access to the log viewing interface. (CVE-2008-5692)
SolutionUpgrade to version 6.1.1 or higher.