Summary
This host is running a version of WS_FTP FTP server prior to 3.1.2. Versions earlier than 3.1.2 contain an unchecked buffer in routines that handle the 'CPWD' command arguments. The 'CPWD' command allows remote users to change their password. By issuing a malformed argument to the CPWD command, a user could overflow a buffer and execute arbitrary code on this host. Note that a local user account is required.
The vendor has released a patch that fixes this issue. Please install the latest patch available from the vendor's website at http://www.ipswitch.com/support/.
Severity
Classification
-
CVE CVE-2002-0826 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- War FTP Daemon 'USER' and 'PASS' Remote Format String Vulnerability
- FreeBSD and OpenBSD 'ftpd' NULL Pointer Dereference Denial Of Service Vulnerability
- Serv-U FTP Server SITE CHMOD Command Stack Overflow Vulnerability
- httpdx Multiple Commands Remote Buffer Overflow Vulnerabilities
- Windows Administrator NULL FTP password