WS_FTP MKD command buffer overflow

Added: 03/10/2006
CVE: CVE-2004-1135
BID: 11772
OSVDB: 12509

Background

WS_FTP Server is an FTP server for Windows platforms.

Problem

A buffer overflow vulnerability in the MKD command could allow an attacker to execute commands on the server. If the anonymous FTP account is enabled, the attacker would not need to know a valid login and password in order to exploit the vulnerability.
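
A defender-side check for the condition described above, as an added example that is not part of the original advisory: it scans FTP command logs for MKD requests with unusually long arguments and marks whether the session logged in anonymously. The log format, the 260-character cutoff and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed cutoff (Windows MAX_PATH). The advisory does not state the length
# that triggers the overflow, so tune this value to your environment.
MAX_MKD_ARG = 260

# Constructed log format: "<timestamp> <session-id> <client-ip> <FTP command line>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (.*)$")

ANON_USERS = {"anonymous", "ftp"}


def find_long_mkd(lines, max_len=MAX_MKD_ARG):
    """Return one finding per MKD command whose argument exceeds max_len."""
    users = {}      # session id -> last USER name seen on that session
    findings = []
    for raw in lines:
        m = LINE_RE.match(raw.rstrip("\r\n"))
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, session, ip, cmdline = m.groups()
        verb, _, arg = cmdline.partition(" ")
        verb = verb.upper()  # FTP command verbs are case-insensitive
        if verb == "USER":
            users[session] = arg.strip().lower()
        elif verb == "MKD" and len(arg) > max_len:
            user = users.get(session)
            findings.append({
                "time": ts, "client": ip, "session": session,
                "user": user, "arg_len": len(arg),
                "anonymous": user in ANON_USERS,
            })
    return findings


# Constructed sample input; the long arguments are filler, not payloads.
SAMPLE_LOG = [
    "2004-12-01T10:00:01 s1 192.0.2.10 USER alice",
    "2004-12-01T10:00:05 s1 192.0.2.10 MKD reports",
    "2004-12-01T10:02:11 s2 198.51.100.7 USER anonymous",
    "2004-12-01T10:02:15 s2 198.51.100.7 mkd " + "A" * 600,
    "2004-12-01T10:03:40 s3 203.0.113.5 USER bob",
    "2004-12-01T10:03:44 s3 203.0.113.5 MKD " + "B" * 300,
]

if __name__ == "__main__":
    for finding in find_long_mkd(SAMPLE_LOG):
        print(finding)
```

Findings from anonymous sessions deserve priority, since that path needs no valid login and password.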

Resolution

Upgrade to WS_FTP Server 5.04 or higher.

References

http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1330.html

Limitations

Exploit works on WS_FTP Server 5.03 and requires a valid FTP user name and password.

Platforms

Windows
