504909 : Win FTP Server WFTPSRV.exe LIST FTP Command Buffer Overflow

Risk 5 : Miscellaneous

A remote attacker could execute arbitrary commands.

The File Transfer Protocol (FTP) allows a client to store or retrieve files on a server. Win FTP Server is marketed as a professional FTP Server featuring speed, reliability and customization. The server incorporates various enhancements such as real-time information functionality, email notification, event management and product customization using JavaScript and VBScript.

WFTPSRV.exe LIST FTP Command Buffer Overflow

02/09/09, CVE 2009-0351: A buffer overflow vulnerability exists in Win FTP Server WFTPSRV.exe. The vulnerability is due to insufficient bounds checking on certain FTP service commands. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted FTP LIST service command to the target server, potentially causing arbitrary code injection and execution with the privileges of the affected process.

The WFTPSRV.exe LIST FTP Command Buffer Overflow vulnerability was posted as Bugtraq ID 33454: http://www.securityfocus.com/bid/33454/
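
The kind of bounds check whose absence the description above refers to, shown as an added C example that is not Win FTP Server's code and not part of the original advisory: a length-checked parser for one FTP control line. The function name, result codes and the 260-byte argument limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ARG_MAX_LEN 260  /* assumed argument buffer size, not from the advisory */

/* Result codes for the hypothetical parser below. */
enum { FTP_OK = 0, FTP_BAD_VERB = -1, FTP_ARG_TOO_LONG = -2 };

/*
 * Split one FTP control line ("LIST /pub\r\n") into verb and argument.
 * Each copy is length-checked against its destination first; an overflow of
 * the class described in the advisory is the same copy without that check.
 */
int ftp_parse_line(const char *line, char *verb, size_t verb_sz,
                   char *arg, size_t arg_sz)
{
    size_t line_len = strcspn(line, "\r\n");   /* line ends at CR or LF */
    size_t verb_len = strcspn(line, " \r\n");  /* verb ends at first space */
    if (verb_len == 0 || verb_len >= verb_sz)
        return FTP_BAD_VERB;
    memcpy(verb, line, verb_len);
    verb[verb_len] = '\0';

    const char *p = line + verb_len;
    while (*p == ' ')                          /* skip separator spaces */
        p++;
    size_t arg_len = line_len - (size_t)(p - line);
    if (arg_len >= arg_sz)                     /* reject, never truncate */
        return FTP_ARG_TOO_LONG;
    memcpy(arg, p, arg_len);
    arg[arg_len] = '\0';
    return FTP_OK;
}

int main(void)
{
    char verb[8], arg[ARG_MAX_LEN], big[1024];
    /* Constructed input: LIST followed by 1000 filler bytes. */
    memcpy(big, "LIST ", 5);
    memset(big + 5, 'A', 1000);
    memcpy(big + 1005, "\r\n", 3);
    printf("normal:    %d\n", ftp_parse_line("LIST /pub\r\n", verb, sizeof verb, arg, sizeof arg));
    printf("oversized: %d\n", ftp_parse_line(big, verb, sizeof verb, arg, sizeof arg));
    return 0;
}
```

Rejecting the oversized line outright, rather than truncating it, also gives the server a clear event to log for an over-length LIST argument.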

Solution:

Upgrade to a version higher than Win FTP Server 2.3.0 when available: http://www.wftpserver.com/download.htm

References:
CVSS Information:
Low Attack Complexity, Complete Confidentiality Impact, Complete Integrity Impact, Complete Availability Impact
Credit:
Saint Corporation : 2010-06-12