Sign-up

ID

VAR-200208-0044


CVE

CVE-2002-0826


TITLE

Progress Software Ipswitch WS_FTP Server Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200208-134

DESCRIPTION

Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command. Ipswitch WS_FTP Server, is a FTP server for Microsoft Windows platforms. Oversized parameters may corrupt process memory, possibly leading to the execution of arbitrary code as the server process. This issue has been reported in WS_FTP Server 3.1.1. Earlier versions may share this vulnerability, this has not however been confirmed. Progress Software Ipswitch WS_FTP Server is a set of FTP server software developed by Progress Software Company in the United States. It provides functions such as file transfer control and transfer encryption. A buffer error vulnerability exists in Progress Software Ipswitch WS_FTP Server version 3.1.1

Trust: 1.26

sources: NVD: CVE-2002-0826 // BID: 5427 // VULHUB: VHN-5217

AFFECTED PRODUCTS

vendor:progressmodel:ws ftp serverscope:eqversion:3.1.1

Trust: 1.0

vendor:ipswitchmodel:ws ftp serverscope:eqversion:3.1.1

Trust: 0.9

vendor:ipswitchmodel:ws ftp serverscope:neversion:3.1.2

Trust: 0.3

sources: BID: 5427 // CNNVD: CNNVD-200208-134 // NVD: CVE-2002-0826

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-0826
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200208-134
value: HIGH

Trust: 0.6

VULHUB: VHN-5217
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2002-0826
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-5217
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-5217 // CNNVD: CNNVD-200208-134 // NVD: CVE-2002-0826

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0826

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200208-134

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-200208-134

EXTERNAL IDS

db:BIDid:5427

Trust: 2.0

db:NVDid:CVE-2002-0826

Trust: 1.7

db:CNNVDid:CNNVD-200208-134

Trust: 0.7

db:VULHUBid:VHN-5217

Trust: 0.1

sources: VULHUB: VHN-5217 // BID: 5427 // CNNVD: CNNVD-200208-134 // NVD: CVE-2002-0826

REFERENCES

url:http://www.atstake.com/research/advisories/2002/a080802-1.txt

Trust: 1.7

url:http://www.securityfocus.com/bid/5427

Trust: 1.7

url:http://www.ipswitch.com/support/ws_ftp-server/patch-upgrades.html

Trust: 1.7

url:http://www.iss.net/security_center/static/9794.php

Trust: 1.7

url:http://www.ipswitch.com/support/ws_ftp-server/index.asp

Trust: 0.3

sources: VULHUB: VHN-5217 // BID: 5427 // CNNVD: CNNVD-200208-134 // NVD: CVE-2002-0826

CREDITS

Andreas Junestam※ andreas@atstake.com

Trust: 0.6

sources: CNNVD: CNNVD-200208-134

SOURCES

db:VULHUBid:VHN-5217
db:BIDid:5427
db:CNNVDid:CNNVD-200208-134
db:NVDid:CVE-2002-0826

LAST UPDATE DATE

2024-08-14T15:41:01.369000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-5217date:2019-08-13T00:00:00
db:BIDid:5427date:2002-08-08T00:00:00
db:CNNVDid:CNNVD-200208-134date:2020-05-11T00:00:00
db:NVDid:CVE-2002-0826date:2023-10-11T14:45:44.747

SOURCES RELEASE DATE

db:VULHUBid:VHN-5217date:2002-08-12T00:00:00
db:BIDid:5427date:2002-08-08T00:00:00
db:CNNVDid:CNNVD-200208-134date:2002-08-12T00:00:00
db:NVDid:CVE-2002-0826date:2002-08-12T04:00:00