WS_FTP XCRC buffer overflow

2006-09-22T00:00:00
ID SAINT:F0435CCCEA2A2B4931DDEB58407A645B
Type saint
Reporter SAINT Corporation
Modified 2006-09-22T00:00:00

Description

Added: 09/22/2006
CVE: CVE-2006-4847
BID: 20076
OSVDB: 28939

Background

WS_FTP Server is an FTP server for Windows platforms.

Problem

Buffer overflows in multiple FTP commands allow an authenticated attacker to execute arbitrary commands.

Resolution

Upgrade to WS_FTP Server 5.05 Hotfix 1.

References

<http://secunia.com/advisories/21932>

Limitations

The exploit works on WS_FTP Server 5.05 and requires a valid FTP user and password.

Platforms

Windows NT 4.0 SP3
Windows NT 4.0 SP4
Windows NT 4.0 SP5
Windows NT 4.0 SP6 / Windows NT 4.0
Windows 2000 SP0
Windows 2000 SP1
Windows 2000 SP2
Windows 2000 SP3
Windows 2000 SP4 / Windows 2000
Windows XP SP0
Windows XP SP1
Windows XP SP2 / Windows XP
Windows Server 2003