CVE-2006-5000

Summary

CVE	CVE-2006-5000
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2006-09-26 20:07:00 UTC
Updated	2023-10-11 14:45:00 UTC
Description	Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Ipswitch	Ws Ftp Server	5.02	All	All	All
Application	Ipswitch	Ws Ftp Server	5.03	All	All	All
Application	Ipswitch	Ws Ftp Server	5.05	All	All	All
Application	Ipswitch	Ws Ftp Server	5.02	All	All	All
Application	Ipswitch	Ws Ftp Server	5.03	All	All	All
Application	Ipswitch	Ws Ftp Server	5.05	All	All	All
Application	Progress	Ipswitch Ws Ftp Server	5.0.2	All	All	All
Application	Progress	Ipswitch Ws Ftp Server	5.0.2	All	All	All
Application	Progress	Ws Ftp Server	5.0.2	All	All	All

References

Reference	Source	Link	Tags
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
SecurityFocus	BUGTRAQ	www.securityfocus.com
Ipswitch, Inc. - WS_FTP Server Patches & Upgrades	CONFIRM	www.ipswitch.com	Patch
ZDI-06-029	MISC	www.zerodayinitiative.com	Vendor Advisory
SecurityTracker.com Archives - WS_FTP Buffer Overflow in XCRC, XSHA1, and XMD5 Commands Lets Remote Authenticated Users Execute Arbitrary Code	SECTRACK	securitytracker.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.