Details of VAR-200403-0095

ID

VAR-200403-0095

CVE

CVE-2004-1884

TITLE

Progress Software Ipswitch WS_FTP Server Security hole

Trust: 0.6

sources: CNNVD: CNNVD-200403-097

DESCRIPTION

Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access. Multiple vulnerabilities have been identified in the WS_FTP Server and client applications. The issues include two remote buffer overflow vulnerabilities in the client, a denial of service vulnerability in the server and an access validation issue in the server leading to remote command execution with SYSTEM privileges. These issues are undergoing further analysis. This BID will be divided into separate issues as analysis is completed. Progress Software Ipswitch WS_FTP Server is a set of FTP server software developed by Progress Software Company in the United States. It provides functions such as file transfer control and transfer encryption

Trust: 1.26

sources: NVD: CVE-2004-1884 // BID: 9953 // VULHUB: VHN-10313

AFFECTED PRODUCTS

vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	3.0_1	Trust: 1.6
vendor:	ipswitch	model:	ws ftp pro	scope:	eq	version:	7.5	Trust: 1.3
vendor:	ipswitch	model:	ws ftp pro	scope:	eq	version:	6.0	Trust: 1.3
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	4.01	Trust: 1.3
vendor:	progress	model:	ws ftp server	scope:	eq	version:	3.1.3	Trust: 1.0
vendor:	progress	model:	ws ftp server	scope:	eq	version:	4.0	Trust: 1.0
vendor:	progress	model:	ws ftp server	scope:	eq	version:	3.1	Trust: 1.0
vendor:	progress	model:	ws ftp server	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	progress	model:	ws ftp server	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	progress	model:	ws ftp server	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	progress	model:	ws ftp server	scope:	eq	version:	2.0.3	Trust: 1.0
vendor:	progress	model:	ws ftp server	scope:	eq	version:	3.4	Trust: 1.0
vendor:	progress	model:	ws ftp server	scope:	eq	version:	1.0.3	Trust: 1.0
vendor:	ipswitch	model:	ws ftp pro	scope:	eq	version:	8.0_2	Trust: 1.0
vendor:	progress	model:	ws ftp server	scope:	eq	version:	1.0.2	Trust: 1.0
vendor:	ipswitch	model:	ws ftp pro	scope:	eq	version:	8.0_3	Trust: 1.0
vendor:	progress	model:	ws ftp server	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	progress	model:	ws ftp server	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	progress	model:	ws ftp server	scope:	eq	version:	2.0.2	Trust: 1.0
vendor:	progress	model:	ws ftp server	scope:	eq	version:	1.0.4	Trust: 1.0
vendor:	progress	model:	ws ftp server	scope:	eq	version:	3.0	Trust: 1.0
vendor:	progress	model:	ws ftp server	scope:	eq	version:	2.0	Trust: 1.0
vendor:	progress	model:	ws ftp server	scope:	eq	version:	2.0.4	Trust: 1.0
vendor:	progress	model:	ws ftp server	scope:	eq	version:	1.0.5	Trust: 1.0
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	3.1	Trust: 0.9
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	3.0	Trust: 0.9
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	2.0.4	Trust: 0.9
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	2.0.3	Trust: 0.9
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	2.0.2	Trust: 0.9
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	2.0.1	Trust: 0.9
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	2.0	Trust: 0.9
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	1.0.5	Trust: 0.9
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	1.0.4	Trust: 0.9
vendor:	ipswitch	model:	ws ftp pro	scope:	eq	version:	8.03	Trust: 0.3
vendor:	ipswitch	model:	ws ftp pro	scope:	eq	version:	8.02	Trust: 0.3
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	4.02	Trust: 0.3
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	3.4	Trust: 0.3
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	3.01	Trust: 0.3
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	1.0.3	Trust: 0.3
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	1.0.1	Trust: 0.3

sources: BID: 9953 // CNNVD: CNNVD-200403-097 // NVD: CVE-2004-1884

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1884
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200403-097
value:	HIGH
Trust: 0.6
VULHUB:	VHN-10313
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-1884
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10313
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-10313 // CNNVD: CNNVD-200403-097 // NVD: CVE-2004-1884

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1884

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200403-097

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200403-097

EXTERNAL IDS

db:	BID	id:	9953	Trust: 2.0
db:	SECUNIA	id:	11206	Trust: 1.7
db:	NVD	id:	CVE-2004-1884	Trust: 1.7
db:	CNNVD	id:	CNNVD-200403-097	Trust: 0.7
db:	VULHUB	id:	VHN-10313	Trust: 0.1

sources: VULHUB: VHN-10313 // BID: 9953 // CNNVD: CNNVD-200403-097 // NVD: CVE-2004-1884

REFERENCES

url:	http://www.securityfocus.com/bid/9953	Trust: 1.7
url:	http://secunia.com/advisories/11206	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/15558	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=108006581418116&w=2	Trust: 1.6
url:	http://www.ipswitch.com/	Trust: 0.3
url:	/archive/1/358356	Trust: 0.3
url:	/archive/1/358363	Trust: 0.3
url:	/archive/1/358357	Trust: 0.3
url:	/archive/1/358361	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=108006581418116&w=2	Trust: 0.1

sources: VULHUB: VHN-10313 // BID: 9953 // CNNVD: CNNVD-200403-097 // NVD: CVE-2004-1884

CREDITS

Discovery is credited to Hugh Mann <hughmann@hotmail.com>.

Trust: 0.9

sources: BID: 9953 // CNNVD: CNNVD-200403-097

SOURCES

db:	VULHUB	id:	VHN-10313
db:	BID	id:	9953
db:	CNNVD	id:	CNNVD-200403-097
db:	NVD	id:	CVE-2004-1884

LAST UPDATE DATE

2024-08-14T14:09:00.165000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-10313	date:	2019-08-13T00:00:00
db:	BID	id:	9953	date:	2004-03-23T00:00:00
db:	CNNVD	id:	CNNVD-200403-097	date:	2020-05-11T00:00:00
db:	NVD	id:	CVE-2004-1884	date:	2023-10-11T14:45:44.747

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-10313	date:	2004-03-23T00:00:00
db:	BID	id:	9953	date:	2004-03-23T00:00:00
db:	CNNVD	id:	CNNVD-200403-097	date:	2004-03-23T00:00:00
db:	NVD	id:	CVE-2004-1884	date:	2004-03-23T05:00:00