Ipswitch WS_FTP Long Site Command Buffer Overflow Vulnerability

Bugtraq ID:	23260
Class:	Boundary Condition Error
CVE:	CVE-2006-4974
Remote:	No
Local:	Yes
Published:	Apr 02 2007 12:00AM
Updated:	Apr 03 2007 06:22PM
Credit:	Marsu is credited with the discovery of this vulnerability.
Vulnerable:	Ipswitch WS FTP Server 5.05
Not Vulnerable:

Ipswitch WS_FTP Long Site Command Buffer Overflow Vulnerability

Ipswitch WS_FTP is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects version 5.05; other versions may also be affected.

Ipswitch WS_FTP Long Site Command Buffer Overflow Vulnerability

The following exploit is available:

• /data/vulnerabilities/exploits/23260.c

Ipswitch WS_FTP Long Site Command Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Ipswitch WS_FTP Long Site Command Buffer Overflow Vulnerability

References:

• WS FTP Homepage (IpSwitch)