Signature Detail
Short Name |
FTP:VULN:WS-FTP-4-0-2 |
|---|---|
Severity |
Info |
Recommended |
No |
Category |
FTP |
Keywords |
ftp server vulnerable version |
Release Date |
2005/01/24 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
FTP: Vulnerable Ipswitch WS_FTP Version (< 4.0.3)
This signature detects Ipswitch WS_FTP 4.0.2 and earlier versions. Attackers can exploit multiple vulnerabilities found in these versions to remotely run malicous code on the server.
Extended Description
Multiple vulnerabilities have been identified in the WS_FTP Server and client applications. These vulnerabilities may allow remote attackers to execute arbitrary code, cause denial of service attacks and gain administrative level access to a server. The issues include two remote buffer overflow vulnerabilities in the client, a denial of service vulnerability in the server and an access validation issue in the server leading to remote command execution with SYSTEM privileges. These issues are undergoing further analysis. This BID will be divided into separate issues as analysis is completed.
Affected Products
- Ipswitch WS_FTP Pro 6.0.0
- Ipswitch WS_FTP Pro 7.5.0
- Ipswitch WS_FTP Pro 8.0.0 2
- Ipswitch WS_FTP Pro 8.0.0 3
- Ipswitch WS FTP Server 1.0.1
- Ipswitch WS FTP Server 1.0.2
- Ipswitch WS FTP Server 1.0.3
- Ipswitch WS FTP Server 1.0.4
- Ipswitch WS FTP Server 1.0.5
- Ipswitch WS FTP Server 2.0.0
- Ipswitch WS FTP Server 2.0.1
- Ipswitch WS FTP Server 2.0.2
- Ipswitch WS FTP Server 2.0.3
- Ipswitch WS FTP Server 2.0.4
- Ipswitch WS FTP Server 3.0.0
- Ipswitch WS FTP Server 3.0.0 1
- Ipswitch WS FTP Server 3.1.0
- Ipswitch WS FTP Server 3.1.1
- Ipswitch WS FTP Server 3.1.2
- Ipswitch WS FTP Server 3.1.3
- Ipswitch WS FTP Server 3.4.0
- Ipswitch WS FTP Server 4.0.0
- Ipswitch WS FTP Server 4.0.0 1
- Ipswitch WS FTP Server 4.0.0 2
References
- BugTraq: 9953
- CVE: CVE-2004-1886
- CVE: CVE-2004-1885