FTP : WS_FTP Server Multiple Vulnerabilities (Nov 2005)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.14598

Categoría: FTP

Título: WS_FTP Server Multiple Vulnerabilities (Nov 2005)

Resumen: WS_FTP Server is prone to multiple vulnerabilities.

Descripción: Summary:
WS_FTP Server is prone to multiple vulnerabilities.

Vulnerability Insight:
The following vulnerabilities exist:

- A buffer overflow, caused by a vulnerability in the ALLO handler, an attacker can then execute
arbitrary code

- A flaw which allow an attacker to gain elevated privileges (SYSTEM level privileges)

- A local or remote attacker, with write privileges on a directory can create a specially crafted
file containing a large REST argument and resulting to a denial of service.

Solution:
Update to the latest version.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-1848
BugTraq ID: 9953
http://www.securityfocus.com/bid/9953
Bugtraq: 20040323 How to crash a harddisk - the Ipswitch WS_FTP Server way (Google Search)
http://marc.info/?l=bugtraq&m=108006717731989&w=2
http://www.osvdb.org/4542
http://securitytracker.com/id?1009529
http://secunia.com/advisories/11206
XForce ISS Database: wsftp-rest-dos(15560)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15560
XForce ISS Database: wsftp-rest-stor-dos(41831)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41831
Common Vulnerability Exposure (CVE) ID: CVE-2004-1883
Bugtraq: 20040323 ALLO ALLO WS_FTP Server (Google Search)
http://marc.info/?l=bugtraq&m=108006553222397&w=2
Bugtraq: 20040323 Think of the buffers! Won't somebody think of the buffers?! (Google Search)
http://www.securityfocus.com/archive/1/358361
XForce ISS Database: wsftp-allo-bo(15561)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15561
Common Vulnerability Exposure (CVE) ID: CVE-2004-1884
Bugtraq: 20040323 Open the WS_FTP Server backdoor to SYSTEM (Google Search)
http://marc.info/?l=bugtraq&m=108006581418116&w=2
XForce ISS Database: wftp-site-gain-priviliege(15558)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15558
Common Vulnerability Exposure (CVE) ID: CVE-2004-1885
Common Vulnerability Exposure (CVE) ID: CVE-2004-1886

Copyright Copyright (C) 2005 David Maciejak

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.14598
Categoría:	FTP
Título:	WS_FTP Server Multiple Vulnerabilities (Nov 2005)
Resumen:	WS_FTP Server is prone to multiple vulnerabilities.
Descripción:	Summary: WS_FTP Server is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - A buffer overflow, caused by a vulnerability in the ALLO handler, an attacker can then execute arbitrary code - A flaw which allow an attacker to gain elevated privileges (SYSTEM level privileges) - A local or remote attacker, with write privileges on a directory can create a specially crafted file containing a large REST argument and resulting to a denial of service. Solution: Update to the latest version. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1848 BugTraq ID: 9953 http://www.securityfocus.com/bid/9953 Bugtraq: 20040323 How to crash a harddisk - the Ipswitch WS_FTP Server way (Google Search) http://marc.info/?l=bugtraq&m=108006717731989&w=2 http://www.osvdb.org/4542 http://securitytracker.com/id?1009529 http://secunia.com/advisories/11206 XForce ISS Database: wsftp-rest-dos(15560) https://exchange.xforce.ibmcloud.com/vulnerabilities/15560 XForce ISS Database: wsftp-rest-stor-dos(41831) https://exchange.xforce.ibmcloud.com/vulnerabilities/41831 Common Vulnerability Exposure (CVE) ID: CVE-2004-1883 Bugtraq: 20040323 ALLO ALLO WS_FTP Server (Google Search) http://marc.info/?l=bugtraq&m=108006553222397&w=2 Bugtraq: 20040323 Think of the buffers! Won't somebody think of the buffers?! (Google Search) http://www.securityfocus.com/archive/1/358361 XForce ISS Database: wsftp-allo-bo(15561) https://exchange.xforce.ibmcloud.com/vulnerabilities/15561 Common Vulnerability Exposure (CVE) ID: CVE-2004-1884 Bugtraq: 20040323 Open the WS_FTP Server backdoor to SYSTEM (Google Search) http://marc.info/?l=bugtraq&m=108006581418116&w=2 XForce ISS Database: wftp-site-gain-priviliege(15558) https://exchange.xforce.ibmcloud.com/vulnerabilities/15558 Common Vulnerability Exposure (CVE) ID: CVE-2004-1885 Common Vulnerability Exposure (CVE) ID: CVE-2004-1886
Copyright	Copyright (C) 2005 David Maciejak