|
Family: FTP --> Category: infos
WS_FTP SITE CPWD Buffer Overflow Vulnerability Scan
Vulnerability Scan Summary Checks FTP server banner for vulnerable version of WS_FTP Server
Detailed Explanation for this Vulnerability Test
This host is running a version of WS_FTP FTP server prior to 3.1.2.
Versions earlier than 3.1.2 contain an unchecked buffer in routines that
handle the 'CPWD' command arguments. The 'CPWD' command allows remote
users to change their password. By issuing a malformed argument to the
CPWD command, a user could overflow a buffer and execute arbitrary code
on this host. Note that a local user account is required.
The vendor has released a patch that fixes this issue. Please install
the latest patch available from the vendor's website at
http://www.ipswitch.com/support/.
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|