E-Mail:
Get our new Windows 7 eBook (PDF) for $7 with 70+ Tips. Download Now!

WS_FTP Server FTP Commands Buffer Overflow Vulnerabilities

Tuesday, November 30th, 2004
by Marc Erickson

  • No Related Post

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
WS_FTP Server 5.x, WS_FTP Server 4.x, WS_FTP Server 3.x

Reed Arvin has discovered some vulnerabilities in WS_FTP Server, which can be exploited by malicious users to compromise a vulnerable system.

The vulnerabilities are caused due to boundary errors within the handling of the “SITE”, “XMKD”, “MKD”, and “RNFR” commands. This can be exploited to cause a buffer overflow by supplying an overly long argument (about 768 bytes).

Successful exploitation allows execution of arbitrary code.

The vulnerabilities have been confirmed in version 5.03. Other versions may also be affected.

NOTE: Exploit code has been published.

Solution:
Grant only trusted users access to a vulnerable server.

Filter overly long arguments in a FTP proxy.

Tags
Categories

What Do You Think?

 

Posted Recently

Internet Search Process Affects Cognition, Emotion

Quantum Gas Microscope Offers Glimpse Of Quirky Ultracold Atoms

‘The Eyes Have It’ For ID Verification

Research Leads To Improved Human, Object Detection Technology

How Saturated Fatty Acids ‘Anger’ The Immune System (And How To Stop Them)

Hooks Hijacked? New Research Shows How To Block Stealthy Malware Attacks

Researchers Unlock The ‘Sound Of Learning’

African Desert Rift Confirmed As New Ocean In The Making

High Definition Volume Rendering Brings 2,500-Year-Old Mummy Back To Life

Cell Phones Become Handheld Tools For Global Development

Disease Proposed As Major Barrier To Mars And Beyond

Iranian Scholars Share Avicenna’s Medieval Medical Wisdom

Lack Of Insurance May Have Figured In Nearly 17,000 Childhood Deaths

Improved Adhesive For Products Like Transparent Tape Could Benefit Biofuels Economy

New Technology May Cool The Laptop

Ancient ‘Monster’ Insect Offers Halloween Inspiration

Simple Measures Can Yield Big Greenhouse Gas Cuts

Animals Now Picking Up Bugs From People

Scientists Discover Gene That ‘Cancer-Proofs’ Rodent’s Cells

Music Makes You Smarter

Penn Researchers Reverse The Cognitive Impairment Caused By Sleep Deprivation

Why Antidepressants Don’t Work For So Many

Arctic Sediments Show That 20th Century Warming Is Unlike Natural Variation

Cleanliness Really Is Next To Godliness

Experimental Treatments Restore Partial Vision To Blind People

Creating The Smallest Nanoantennas For High-Speed Data Networks

Material That Could Boost Data Storage And Save Energy Developed

Ancient Bison Genetic Treasure Trove For Farmers

All-In-One Computerized Scheduling Will Make Airports Greener And More Efficient

Report Examines Hidden Costs Of Energy Production And Use

Tsunami Evacuation Buildings: Another Way To Save Lives In The Pacific Northwest

First-Time Internet Users Find Boost In Brain Function After Just One Week

Mangosteen Juice Could Protect Health In The Obese

Magnetic Leaves Reveal Bellingham’s Most Polluted Byways

Quantum Computer Chips Now One Step Closer To Reality

Misuse Of Antibiotics Not The Only Cause Of Resistance Says Report

Bioengineering Of Nerve-Muscle Connection Could Improve Prosthetics

Identifying ID Theft And Fraud

Carnegie Mellon Researchers Save Electricity With Low-Power Processors And Flash Memory

New Brain Stimulation Treatment May Offer Hope For Depression Sufferers

35 queries / 0.864 seconds.