SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   WS_FTP Vendors:   Ipswitch
Ipswitch WS_FTP Server Buffer Overflow in SITE CPWD Command Processing Lets Remote Users Execute Arbitrary Code With System Level Privileges
SecurityTracker Alert ID:  1004998
SecurityTracker URL:  http://securitytracker.com/id/1004998
CVE Reference:   CVE-2002-0826   (Links to External Site)
Date:  Aug 8 2002
Impact:   Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.1.1
Description:   A vulnerability was reported in the Ipswitch WS_FTP server. A remote authenticated user can trigger a buffer overflow to execute arbitrary code with System level privileges.

A remote authenticated user can reportedly send a specially crafted 'site cpwd' command to overwrite the EIP register and cause arbitrary code to be executed.

This is apparently due to an unchecked string copy function.

According to the report, the password changing feature is enabled by default.

The original @stake advisory is available at:

http://www.atstake.com/research/advisories/2002/a080802-1.txt

Impact:   A remote user can cause arbitrary code to be executed with System level privileges.
Solution:   The vendor has released a patch, available at:

ftp://ftp.ipswitch.com/ipswitch/product_support/WS_FTP_Server/ifs312.exe

For additional information on applying patches, see:

http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html

Vendor URL:  www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (NT), Windows (2000), Windows (XP)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC