Sign-up

ID

VAR-200609-0490


CVE

CVE-2006-4974


TITLE

Ipswitch WS_FTP LE Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2006-002158

DESCRIPTION

Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service. A remote buffer-overflow vulnerability is reported in the Ipswitch WS_FTP client. This issue occurs because the application fails to properly validate the length of user-supplied strings prior to copying them into finite process buffers. An attacker may exploit this issue to cause the affected client to crash. Execution of arbitrary code in the context of the FTP client process may also be possible. Version 5.08 of the affected software is vulnerable; other versions may be affected as well. Ipswitch WS_FTP Server is an FTP service program suitable for Windows systems. WS_FTP Server has a buffer overflow vulnerability when processing the registered super long SITE command locally. Local attackers may use this vulnerability to elevate their privileges. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: WS_FTP LE "PASV" Response Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA22032 VERIFY ADVISORY: http://secunia.com/advisories/22032/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: WS_FTP LE 5.x http://secunia.com/product/12062/ DESCRIPTION: h07 has discovered a vulnerability in WS_FTP LE, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error within the handling of responses to the "PASV" command. This can be exploited to cause a buffer overflow by e.g. tricking a user into connecting to a malicious FTP server. SOLUTION: Connect to trusted FTP servers only. Use another product. PROVIDED AND/OR DISCOVERED BY: h07 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.34

sources: NVD: CVE-2006-4974 // JVNDB: JVNDB-2006-002158 // BID: 23260 // BID: 20121 // VULHUB: VHN-21082 // PACKETSTORM: 50260

AFFECTED PRODUCTS

vendor:ipswitchmodel:ws ftp serverscope:eqversion:5.08_limited_edition

Trust: 1.6

vendor:ipswitchmodel:ws ftp serverscope:eqversion:limited edition 5.08

Trust: 0.8

vendor:ipswitchmodel:ws ftp serverscope:eqversion:5.05

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:5.08

Trust: 0.3

sources: BID: 23260 // BID: 20121 // JVNDB: JVNDB-2006-002158 // CNNVD: CNNVD-200609-412 // NVD: CVE-2006-4974

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-4974
value: HIGH

Trust: 1.0

NVD: CVE-2006-4974
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200609-412
value: HIGH

Trust: 0.6

VULHUB: VHN-21082
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-4974
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-21082
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-21082 // JVNDB: JVNDB-2006-002158 // CNNVD: CNNVD-200609-412 // NVD: CVE-2006-4974

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-4974

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200609-412

TYPE

Boundary Condition Error

Trust: 0.6

sources: BID: 23260 // BID: 20121

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2006-002158

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-21082

PATCH
title:WS_FTPurl:http://www.ipswitchft.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2006-002158

EXTERNAL IDS
db:NVDid:CVE-2006-4974
Trust: 2.8
db:BIDid:20121
Trust: 2.0
db:SECUNIAid:22032
Trust: 1.8
db:OSVDBid:29125
Trust: 1.7
db:EXPLOIT-DBid:2401
Trust: 1.7
db:JVNDBid:JVNDB-2006-002158
Trust: 0.8
db:CNNVDid:CNNVD-200609-412
Trust: 0.7
db:MILW0RMid:2401
Trust: 0.6
db:XFid:29074
Trust: 0.6
db:BIDid:23260
Trust: 0.4
db:VULHUBid:VHN-21082
Trust: 0.1
db:PACKETSTORMid:50260
Trust: 0.1
sources:
            
            
            VULHUB: VHN-21082 // 
            
            
            
            BID: 23260 // 
            
            
            
            BID: 20121 // 
            
            
            
            JVNDB: JVNDB-2006-002158 // 
            
            
            
            PACKETSTORM: 50260 // 
            
            
            
            CNNVD: CNNVD-200609-412 // 
            
            
            
            NVD: CVE-2006-4974

REFERENCES
url:http://www.securityfocus.com/bid/20121
Trust: 1.7
url:http://www.osvdb.org/29125
Trust: 1.7
url:http://secunia.com/advisories/22032
Trust: 1.7
url:https://www.exploit-db.com/exploits/2401
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/29074
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4974
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4974
Trust: 0.8
url:http://www.ipswitch.com/products/ws_ftp/home/index.asp
Trust: 0.6
url:http://www.milw0rm.com/exploits/2401
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/29074
Trust: 0.6
url:http://milw0rm.com/exploits/2401
Trust: 0.6
url:http://secunia.com/advisories/22032/
Trust: 0.1
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/quality_assurance_analyst/
Trust: 0.1
url:http://secunia.com/product/12062/
Trust: 0.1
url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/web_application_security_specialist/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-21082 // 
            
            
            
            BID: 23260 // 
            
            
            
            BID: 20121 // 
            
            
            
            JVNDB: JVNDB-2006-002158 // 
            
            
            
            PACKETSTORM: 50260 // 
            
            
            
            CNNVD: CNNVD-200609-412 // 
            
            
            
            NVD: CVE-2006-4974

CREDITS
Marsu Marsupilamipowa@hotmail.fr
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200609-412

SOURCES
db:VULHUBid:VHN-21082
db:BIDid:23260
db:BIDid:20121
db:JVNDBid:JVNDB-2006-002158
db:PACKETSTORMid:50260
db:CNNVDid:CNNVD-200609-412
db:NVDid:CVE-2006-4974

LAST UPDATE DATE
2024-08-14T15:45:33.063000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-21082date:2017-10-19T00:00:00
db:BIDid:23260date:2007-04-03T18:22:00
db:BIDid:20121date:2007-01-15T17:30:00
db:JVNDBid:JVNDB-2006-002158date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200609-412date:2006-09-26T00:00:00
db:NVDid:CVE-2006-4974date:2017-10-19T01:29:27.800

SOURCES RELEASE DATE
db:VULHUBid:VHN-21082date:2006-09-25T00:00:00
db:BIDid:23260date:2007-04-02T00:00:00
db:BIDid:20121date:2006-09-20T00:00:00
db:JVNDBid:JVNDB-2006-002158date:2012-09-25T00:00:00
db:PACKETSTORMid:50260date:2006-09-26T19:26:53
db:CNNVDid:CNNVD-200609-412date:2006-09-24T00:00:00
db:NVDid:CVE-2006-4974date:2006-09-25T01:07:00