Details of VAR-200309-0020

ID

VAR-200309-0020

CVE

CVE-2003-0772

TITLE

WS_FTP Server vulnerable to buffer overflow when supplied overly long "APPE" command

Trust: 0.8

sources: CERT/CC: VU#792284

DESCRIPTION

Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments. It has been reported that a vulnerability exists in the processing of a "STAT" command on WS_FTP Servers versions 4.x and prior. Exploitation of this vulnerability may lead to an authenticated user executing arbitrary code with the elevated privileges of the server process. Ipswitch WS_FTP Server is reported to be prone to buffer overruns when handling data supplied to the APPE and STAT FTP commands. Progress Software Ipswitch WS_FTP Server is a set of FTP server software developed by Progress Software Company in the United States. It provides functions such as file transfer control and transfer encryption

Trust: 2.7

sources: NVD: CVE-2003-0772 // CERT/CC: VU#792284 // CERT/CC: VU#219140 // BID: 8542 // VULHUB: VHN-7597

AFFECTED PRODUCTS

vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	4.01	Trust: 1.9
vendor:	ipswitch	model:	-	scope:	-	version:	-	Trust: 1.6
vendor:	progress	model:	ws ftp server	scope:	eq	version:	3.4	Trust: 1.0
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	3.4	Trust: 0.9
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	ipswitch	model:	ws ftp server	scope:	ne	version:	4.02	Trust: 0.3

sources: CERT/CC: VU#792284 // CERT/CC: VU#219140 // BID: 8542 // CNNVD: CNNVD-200309-029 // NVD: CVE-2003-0772

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-0772
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#792284
value:	10.50
Trust: 0.8
CARNEGIE MELLON:	VU#219140
value:	10.50
Trust: 0.8
CNNVD:	CNNVD-200309-029
value:	HIGH
Trust: 0.6
VULHUB:	VHN-7597
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2003-0772
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-7597
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#792284 // CERT/CC: VU#219140 // VULHUB: VHN-7597 // CNNVD: CNNVD-200309-029 // NVD: CVE-2003-0772

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0772

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200309-029

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-200309-029

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-7597

PATCH

title:

Progress Software Ipswitch WS_FTP Server Buffer error vulnerability fix

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118178

Trust: 0.6

sources: CNNVD: CNNVD-200309-029

EXTERNAL IDS

db:	CERT/CC	id:	VU#792284	Trust: 2.5
db:	SECUNIA	id:	9671	Trust: 2.5
db:	CERT/CC	id:	VU#219140	Trust: 2.5
db:	BID	id:	8542	Trust: 2.0
db:	NVD	id:	CVE-2003-0772	Trust: 1.7
db:	CNNVD	id:	CNNVD-200309-029	Trust: 0.7
db:	EXPLOIT-DB	id:	23100	Trust: 0.1
db:	SEEBUG	id:	SSVID-76880	Trust: 0.1
db:	VULHUB	id:	VHN-7597	Trust: 0.1

sources: CERT/CC: VU#792284 // CERT/CC: VU#219140 // VULHUB: VHN-7597 // BID: 8542 // CNNVD: CNNVD-200309-029 // NVD: CVE-2003-0772

REFERENCES

url:	http://www.securityfocus.com/bid/8542	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/219140	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/792284	Trust: 1.7
url:	http://secunia.com/advisories/9671	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/13119	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=106288825902868&w=2	Trust: 1.6
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://www.secunia.com/advisories/9671/	Trust: 0.8
url:	ftp://ftp.ipswitch.com/ipswitch/product_support/ws_ftp_server/ifs402.exe	Trust: 0.8
url:	http://www.ipswitch.com/	Trust: 0.3
url:	/archive/1/336441	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=106288825902868&w=2	Trust: 0.1

sources: CERT/CC: VU#792284 // CERT/CC: VU#219140 // VULHUB: VHN-7597 // BID: 8542 // CNNVD: CNNVD-200309-029 // NVD: CVE-2003-0772

CREDITS

pejman d※ pejman@rite.ca

Trust: 0.6

sources: CNNVD: CNNVD-200309-029

SOURCES

db:	CERT/CC	id:	VU#792284
db:	CERT/CC	id:	VU#219140
db:	VULHUB	id:	VHN-7597
db:	BID	id:	8542
db:	CNNVD	id:	CNNVD-200309-029
db:	NVD	id:	CVE-2003-0772

LAST UPDATE DATE

2024-08-14T13:40:25.622000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#792284	date:	2003-09-22T00:00:00
db:	CERT/CC	id:	VU#219140	date:	2003-09-22T00:00:00
db:	VULHUB	id:	VHN-7597	date:	2019-08-13T00:00:00
db:	BID	id:	8542	date:	2003-09-04T00:00:00
db:	CNNVD	id:	CNNVD-200309-029	date:	2020-05-11T00:00:00
db:	NVD	id:	CVE-2003-0772	date:	2023-10-11T14:45:44.747

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#792284	date:	2003-09-22T00:00:00
db:	CERT/CC	id:	VU#219140	date:	2003-09-22T00:00:00
db:	VULHUB	id:	VHN-7597	date:	2003-09-22T00:00:00
db:	BID	id:	8542	date:	2003-09-04T00:00:00
db:	CNNVD	id:	CNNVD-200309-029	date:	2003-09-22T00:00:00
db:	NVD	id:	CVE-2003-0772	date:	2003-09-22T04:00:00