Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.WSFTP_CLASSIC_FLAWS.NASL
HistorySep 01, 2004 - 12:00 a.m.

WS_FTP Server Multiple Vulnerabilities (Bounce, PASV Hijacking)

2004-09-0100:00:00
This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
www.tenable.com
39
JSON

According to its version number, the remote WS_FTP server is vulnerable to session hijacking during passive connections and to an FTP bounce attack when a user submits a specially crafted FTP command.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(14599);
  script_version("1.21");
  script_cvs_date("Date: 2018/11/15 20:50:22");

  script_cve_id("CVE-1999-0017");
  script_bugtraq_id(6050, 6051);

  script_name(english:"WS_FTP Server Multiple Vulnerabilities (Bounce, PASV Hijacking)");
  script_summary(english:"Check WS_FTP server version");
 
  script_set_attribute(
    attribute:"synopsis",
    value:"The remote FTP server has multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"According to its version number, the remote WS_FTP server is
vulnerable to session hijacking during passive connections and to an
FTP bounce attack when a user submits a specially crafted FTP
command."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://seclists.org/bugtraq/1995/Jul/46"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to the latest version of this software."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/01");
  script_set_attribute(attribute:"vuln_publication_date", value: "1995/07/12");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();
 
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
  script_family(english:"FTP");

  script_dependencie("ftpserver_detect_type_nd_version.nasl");
  script_require_ports("Services/ftp", 21);
 
  exit(0);
}

#now the code

include ("ftp_func.inc");

port = get_ftp_port(default: 21);

banner = get_ftp_banner(port:port);
if ( ! banner ) exit(1);

if (egrep(pattern:"WS_FTP Server ([0-2]\.|3\.(0\.|1\.[0-3][^0-9]))", string: banner))
	security_hole(port);

Related

cve 4
nessus 1
openvas 1
securityvulns 2
prion 2
osv 2
debiancve 1
github 1
cert 1
cve
cve
CVE-1999-0017
1997-12-10 05:00:00
CVE-2007-2150
2007-04-19 10:19:00
CVE-2006-6947
2007-01-23 02:28:00
nessus
nessus
FTP Privileged Port Bounce Scan
1999-06-22 00:00:00
openvas
openvas
WS FTP Server Session Hijacking Vulnerability (Nov 2005)
2005-11-03 00:00:00
securityvulns
securityvulns
[Full-disclosure] Canon Multi Function Devices vulnerable to FTP bounce attack
2008-02-29 00:00:00
Multiple Vulnerabilities and Enhancements in ftpd on IRIX
2003-03-25 00:00:00
prion
prion
Command injection
2007-04-19 10:19:00
Sql injection
2010-10-19 20:00:00
osv
osv
Improper privilege management in pyftpdlib
2022-05-01 18:45:58
PYSEC-2010-25
2010-10-19 20:00:00
debiancve
debiancve
CVE-2007-6741
2010-10-19 20:00:00
github
github
Improper privilege management in pyftpdlib
2022-05-01 18:45:58
cert
cert
File Transfer Protocol allows data connection hijacking via PASV mode race condition
2002-04-29 00:00:00
JSON
Related for WSFTP_CLASSIC_FLAWS.NASL
cve4nessus1openvas1securityvulns2prion2osv2debiancve1github1cert1