ID

VAR-200609-0297


CVE

CVE-2006-4847


TITLE

Ipswitch WS_FTP Server Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2006-002114

DESCRIPTION

Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.

Ipswitch WS_FTP Server is prone to a number of stack-overflow vulnerabilities. Updates are available. A successful exploit may lead to remote arbitrary code execution with administrative privileges, facilitating the complete compromise of affected computers. Ipswitch WS_FTP Server 5.04 and 5.05 are vulnerable to these issues; other versions may also be affected.

Ipswitch WS_FTP Server is an FTP service program for Windows systems. WS_FTP contains a typical stack overflow vulnerability in its handling of overly long parameters to the XCRC/XSHA1/XMD5 extended commands. Exploiting the vulnerability requires the user to log in to the system with a valid account, but no writable directory is required.

----------------------------------------------------------------------

TITLE: WS_FTP Server FTP Commands Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA21932
VERIFY ADVISORY: http://secunia.com/advisories/21932/
CRITICAL: Moderately critical
IMPACT: System access
WHERE: From remote
SOFTWARE: WS_FTP Server 5.x http://secunia.com/product/3853/
DESCRIPTION: A vulnerability has been reported in WS_FTP Server, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is due to a boundary error when parsing arguments to the "XCRC", "XSHA1", and "XMD5" commands. This can be exploited to cause stack-based buffer overflows via overly long command arguments. The vulnerability has been reported in version 5.05.
SOLUTION: Apply patch. http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp

----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-4847 // JVNDB: JVNDB-2006-002114 // BID: 20076 // VULHUB: VHN-20955 // PACKETSTORM: 50127

AFFECTED PRODUCTS

vendor: ipswitch, model: ws ftp server, scope: eq, version: 5.03

Trust: 1.6

vendor: ipswitch, model: ws ftp server, scope: eq, version: 4.01

Trust: 1.6

vendor: ipswitch, model: ws ftp server, scope: eq, version: 5.02

Trust: 1.6

vendor: progress, model: ws ftp server, scope: eq, version: 3.1.3

Trust: 1.0

vendor: progress, model: ws ftp server, scope: eq, version: 4.0

Trust: 1.0

vendor: progress, model: ws ftp server, scope: eq, version: 1.0.1.e

Trust: 1.0

vendor: progress, model: ws ftp server, scope: eq, version: 3.1

Trust: 1.0

vendor: ipswitch, model: ws ftp server, scope: eq, version: 1.0.2eval

Trust: 1.0

vendor: progress, model: ws ftp server, scope: eq, version: 2.0.1

Trust: 1.0

vendor: progress, model: ws ftp server, scope: eq, version: 3.1.1

Trust: 1.0

vendor: progress, model: ws ftp server, scope: eq, version: 3.1.2

Trust: 1.0

vendor: progress, model: ws ftp server, scope: eq, version: 2.0.3

Trust: 1.0

vendor: progress, model: ws ftp server, scope: eq, version: 3.4

Trust: 1.0

vendor: progress, model: ws ftp server, scope: eq, version: 1.0.3

Trust: 1.0

vendor: progress, model: ws ftp server, scope: eq, version: 1.0.2

Trust: 1.0

vendor: ipswitch, model: ws ftp server, scope: eq, version: 1.0.1eval

Trust: 1.0

vendor: ipswitch, model: ws ftp server, scope: eq, version: 3.0_1

Trust: 1.0

vendor: progress, model: ws ftp server, scope: lte, version: 5.05

Trust: 1.0

vendor: progress, model: ws ftp server, scope: eq, version: 1.0.2.e

Trust: 1.0

vendor: progress, model: ws ftp server, scope: eq, version: 4.0.2

Trust: 1.0

vendor: progress, model: ws ftp server, scope: eq, version: 1.0.1

Trust: 1.0

vendor: progress, model: ws ftp server, scope: eq, version: 2.0.2

Trust: 1.0

vendor: progress, model: ws ftp server, scope: eq, version: 1.0.4

Trust: 1.0

vendor: progress, model: ws ftp server, scope: eq, version: 3.0

Trust: 1.0

vendor: progress, model: ws ftp server, scope: eq, version: 2.0

Trust: 1.0

vendor: progress, model: ws ftp server, scope: eq, version: 2.0.4

Trust: 1.0

vendor: progress, model: ws ftp server, scope: eq, version: 1.0.5

Trust: 1.0

vendor: ipswitch, model: ws ftp server, scope: eq, version: 5.05

Trust: 0.9

vendor: ipswitch, model: ws ftp server, scope: eq, version: hotfix 1

Trust: 0.8

vendor: ipswitch, model: ws ftp server, scope: lt, version: 5.05

Trust: 0.8

vendor: ipswitch, model: ws ftp server, scope: eq, version: 4.0

Trust: 0.6

vendor: ipswitch, model: ws ftp server, scope: eq, version: 4.0.2

Trust: 0.6

vendor: ipswitch, model: ws ftp server, scope: eq, version: 3.4

Trust: 0.6

vendor: ipswitch, model: ws ftp server, scope: eq, version: 3.1.3

Trust: 0.6

vendor: ipswitch, model: ws ftp server, scope: eq, version: 3.1.1

Trust: 0.6

vendor: ipswitch, model: ws ftp server, scope: eq, version: 3.1.2

Trust: 0.6

vendor: ipswitch, model: ws ftp server, scope: eq, version: 5.04

Trust: 0.3

vendor: ipswitch, model: ws ftp server hotfix, scope: ne, version: 5.051

Trust: 0.3

sources: BID: 20076 // JVNDB: JVNDB-2006-002114 // CNNVD: CNNVD-200609-295 // NVD: CVE-2006-4847

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-4847
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-4847
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200609-295
value: MEDIUM

Trust: 0.6

VULHUB: VHN-20955
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-4847
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-20955
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-20955 // JVNDB: JVNDB-2006-002114 // CNNVD: CNNVD-200609-295 // NVD: CVE-2006-4847

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-4847

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200609-295

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200609-295

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-002114

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-20955

PATCH

title: WS_FTP Server 5.05 Hotfix 1
url: http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp

Trust: 0.8

title: Ipswitch WS_FTP Server Buffer Overflow Vulnerability Fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96806

Trust: 0.6

sources: JVNDB: JVNDB-2006-002114 // CNNVD: CNNVD-200609-295

EXTERNAL IDS

db: NVD, id: CVE-2006-4847

Trust: 2.8

db: BID, id: 20076

Trust: 2.0

db: SECUNIA, id: 21932

Trust: 1.8

db: OSVDB, id: 28939

Trust: 1.7

db: VUPEN, id: ADV-2006-3655

Trust: 1.7

db: JVNDB, id: JVNDB-2006-002114

Trust: 0.8

db: CNNVD, id: CNNVD-200609-295

Trust: 0.7

db: PACKETSTORM, id: 82965

Trust: 0.1

db: SEEBUG, id: SSVID-71222

Trust: 0.1

db: EXPLOIT-DB, id: 16717

Trust: 0.1

db: EXPLOIT-DB, id: 3335

Trust: 0.1

db: VULHUB, id: VHN-20955

Trust: 0.1

db: PACKETSTORM, id: 50127

Trust: 0.1

sources: VULHUB: VHN-20955 // BID: 20076 // JVNDB: JVNDB-2006-002114 // PACKETSTORM: 50127 // CNNVD: CNNVD-200609-295 // NVD: CVE-2006-4847

REFERENCES

url:http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp

Trust: 2.1

url:http://www.securityfocus.com/bid/20076

Trust: 1.7

url:http://www.osvdb.org/28939

Trust: 1.7

url:http://secunia.com/advisories/21932

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/3655

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/28983

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4847

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4847

Trust: 0.8

url:http://www.ipswitch.com/products/ws_ftp/home/index.asp

Trust: 0.3

url:/archive/1/447077

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/21932/

Trust: 0.1

url:http://secunia.com/quality_assurance_analyst/

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/web_application_security_specialist/

Trust: 0.1

url:http://secunia.com/product/3853/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-20955 // BID: 20076 // JVNDB: JVNDB-2006-002114 // PACKETSTORM: 50127 // CNNVD: CNNVD-200609-295 // NVD: CVE-2006-4847

CREDITS

This vulnerability was discovered by an anonymous researcher.

Trust: 0.3

sources: BID: 20076

SOURCES

db: VULHUB, id: VHN-20955
db: BID, id: 20076
db: JVNDB, id: JVNDB-2006-002114
db: PACKETSTORM, id: 50127
db: CNNVD, id: CNNVD-200609-295
db: NVD, id: CVE-2006-4847

LAST UPDATE DATE

2024-08-14T13:39:35.134000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-20955, date: 2019-08-13T00:00:00
db: BID, id: 20076, date: 2016-07-05T21:38:00
db: JVNDB, id: JVNDB-2006-002114, date: 2012-09-25T00:00:00
db: CNNVD, id: CNNVD-200609-295, date: 2019-08-14T00:00:00
db: NVD, id: CVE-2006-4847, date: 2023-10-11T14:45:44.747

SOURCES RELEASE DATE

db: VULHUB, id: VHN-20955, date: 2006-09-19T00:00:00
db: BID, id: 20076, date: 2006-09-14T00:00:00
db: JVNDB, id: JVNDB-2006-002114, date: 2012-09-25T00:00:00
db: PACKETSTORM, id: 50127, date: 2006-09-21T23:56:25
db: CNNVD, id: CNNVD-200609-295, date: 2006-09-18T00:00:00
db: NVD, id: CVE-2006-4847, date: 2006-09-19T01:07:00