Family: FTP --> Category: infos
WS_FTP SITE CPWD Buffer Overflow Vulnerability Scan
Vulnerability Scan Summary
Checks FTP server banner for vulnerable version of WS_FTP Server
Detailed Explanation for this Vulnerability Test
This host is running a version of WS_FTP FTP server prior to 3.1.2.
Versions earlier than 3.1.2 contain an unchecked buffer in routines that
handle the 'CPWD' command arguments. The 'CPWD' command allows remote
users to change their password. By issuing a malformed argument to the
CPWD command, a user could overflow a buffer and execute arbitrary code
on this host. Note that a local user account is required.
The vendor has released a patch that fixes this issue. Please install
the latest patch available from the vendor's website at
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.