FTP: WS FTP Server "SITE CPWD" Buffer Overflow
This signature detects attempts to exploit a known vulnerability against WS FTP Server. The code that handles arguments to the SITE CPWD command, which allows users to change their password, contains an unchecked string copy. Attackers can send a maliciously crafted argument in the SITE CPWD command to overflow the buffer and overwrite the return address.
Extended Description
Ipswitch WS_FTP Server, is a FTP server for Microsoft Windows platforms. Ipswitch WS FTP Server contains a remote buffer overflow vulnerability related to the CPWD command, used to modify an authenticated user's password. Oversized parameters may corrupt process memory, possibly leading to the execution of arbitrary code as the server process. This issue has been reported in WS_FTP Server 3.1.1. Earlier versions may share this vulnerability, this has not however been confirmed.
Affected Products
Ipswitch ws_ftp_server
References
BugTraq: 5427
CVE: CVE-2002-0826
URL: http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html
Short Name
FTP:WS-FTP:CPWD
Severity
Minor
Recommended
False
Recommended Action
None
Category
FTP
Keywords
"SITE Buffer CPWD" CVE-2002-0826 FTP Overflow Server WS bid:5427
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Ipswitch
CVSS Score
7.5