Sign-up

ID

VAR-200412-1139


CVE

CVE-2004-1883


TITLE

Progress Software Ipswitch WS_FTP Server Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-294

DESCRIPTION

Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long hostname or username to be inserted into a reply to a STAT command while a file is being transferred. Multiple vulnerabilities have been identified in the WS_FTP Server and client applications. The issues include two remote buffer overflow vulnerabilities in the client, a denial of service vulnerability in the server and an access validation issue in the server leading to remote command execution with SYSTEM privileges. These issues are undergoing further analysis. This BID will be divided into separate issues as analysis is completed. Progress Software Ipswitch WS_FTP Server is a set of FTP server software developed by Progress Software Company in the United States. It provides functions such as file transfer control and transfer encryption. A buffer error vulnerability exists in Progress Software Ipswitch WS_FTP Server version 4.0.2

Trust: 1.26

sources: NVD: CVE-2004-1883 // BID: 9953 // VULHUB: VHN-10312

AFFECTED PRODUCTS

vendor:progressmodel:ws ftp serverscope:eqversion:4.0.2

Trust: 1.0

vendor:ipswitchmodel:ws ftp serverscope:eqversion:4.0.2

Trust: 0.6

vendor:ipswitchmodel:ws ftp proscope:eqversion:8.03

Trust: 0.3

vendor:ipswitchmodel:ws ftp proscope:eqversion:8.02

Trust: 0.3

vendor:ipswitchmodel:ws ftp proscope:eqversion:7.5

Trust: 0.3

vendor:ipswitchmodel:ws ftp proscope:eqversion:6.0

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:4.02

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:4.01

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:4.0

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:3.4

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:3.1.3

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:3.1.2

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:3.1.1

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:3.1

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:3.01

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:3.0

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:2.0.4

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:2.0.3

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:2.0.2

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:2.0.1

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:2.0

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:1.0.5

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:1.0.4

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:1.0.3

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:1.0.2

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:1.0.1

Trust: 0.3

sources: BID: 9953 // CNNVD: CNNVD-200412-294 // NVD: CVE-2004-1883

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-1883
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200412-294
value: HIGH

Trust: 0.6

VULHUB: VHN-10312
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2004-1883
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-10312
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-10312 // CNNVD: CNNVD-200412-294 // NVD: CVE-2004-1883

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1883

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-294

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-200412-294

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-10312

EXTERNAL IDS
db:BIDid:9953
Trust: 2.0
db:SECUNIAid:11206
Trust: 1.7
db:NVDid:CVE-2004-1883
Trust: 1.7
db:CNNVDid:CNNVD-200412-294
Trust: 0.7
db:SEEBUGid:SSVID-62778
Trust: 0.1
db:EXPLOIT-DBid:165
Trust: 0.1
db:VULHUBid:VHN-10312
Trust: 0.1
sources:
            
            
            VULHUB: VHN-10312 // 
            
            
            
            BID: 9953 // 
            
            
            
            CNNVD: CNNVD-200412-294 // 
            
            
            
            NVD: CVE-2004-1883

REFERENCES
url:http://www.securityfocus.com/bid/9953
Trust: 1.7
url:http://www.securityfocus.com/archive/1/358361
Trust: 1.7
url:http://secunia.com/advisories/11206
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/15561
Trust: 1.7
url:http://marc.info/?l=bugtraq&m=108006553222397&w=2
Trust: 1.6
url:http://www.ipswitch.com/
Trust: 0.3
url:/archive/1/358356
Trust: 0.3
url:/archive/1/358363
Trust: 0.3
url:/archive/1/358357
Trust: 0.3
url:/archive/1/358361
Trust: 0.3
url:http://marc.info/?l=bugtraq&m=108006553222397&w=2
Trust: 0.1
sources:
            
            
            VULHUB: VHN-10312 // 
            
            
            
            BID: 9953 // 
            
            
            
            CNNVD: CNNVD-200412-294 // 
            
            
            
            NVD: CVE-2004-1883

CREDITS
Discovery is credited to Hugh Mann <hughmann@hotmail.com>.
Trust: 0.9
sources:
            
            
            BID: 9953 // 
            
            
            
            CNNVD: CNNVD-200412-294

SOURCES
db:VULHUBid:VHN-10312
db:BIDid:9953
db:CNNVDid:CNNVD-200412-294
db:NVDid:CVE-2004-1883

LAST UPDATE DATE
2024-08-14T14:09:00.136000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-10312date:2019-08-13T00:00:00
db:BIDid:9953date:2004-03-23T00:00:00
db:CNNVDid:CNNVD-200412-294date:2020-05-11T00:00:00
db:NVDid:CVE-2004-1883date:2023-10-11T14:45:44.747

SOURCES RELEASE DATE
db:VULHUBid:VHN-10312date:2004-12-31T00:00:00
db:BIDid:9953date:2004-03-23T00:00:00
db:CNNVDid:CNNVD-200412-294date:2004-12-31T00:00:00
db:NVDid:CVE-2004-1883date:2004-12-31T05:00:00