SAINT Corporation, SAINT:22E748F5A7B92EEC222C63EB3E05B3E1
Mar 10, 2006 - 12:00 a.m.

WS_FTP MKD command buffer overflow

2006-03-10 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.115 Low
Percentile: 95.1%

Added: 03/10/2006
CVE: CVE-2004-1135
BID: 11772
OSVDB: 12509

Background

WS_FTP Server is an FTP server for Windows platforms.

Problem

A buffer overflow vulnerability in the **MKD** command could allow an attacker to execute commands on the server. If the anonymous FTP account is enabled, the attacker would not need to know a valid login and password in order to exploit the vulnerability.

Resolution

Upgrade to WS_FTP Server 5.04 or higher.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1330.html>

Limitations

The exploit works on WS_FTP Server 5.03 and requires a valid FTP user name and password.

Platforms

Windows
