Tech Support Guy banner

WS_FTP Server Vulnerabilities

911 Views 0 Replies 1 Participant Last post by eddie5659
Stickying this for a week, as usual. All High Risk :)

WS_FTP Server ALLO handler buffer overflow

WS_FTP Server, developed by Ipswitch, is an FTP server for Microsoft Windows platforms. WS_FTP Server version 4.0.2 is vulnerable to a buffer overflow, caused by a vulnerability in the ALLO handler. A local or remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with SYSTEM level privileges.

Platforms Affected:

Ipswitch, Inc.: WS_FTP Server 4.02
Microsoft Corporation: Windows 2000 Any version
Microsoft Corporation: Windows 2003 Server
Microsoft Corporation: Windows NT 4.0
Microsoft Corporation: Windows XP Any version

Remedy:

No remedy available as of March 2004.

Consequences:

Gain Access

http://xforce.iss.net/xforce/xfdb/15561

WS_FTP Server REST denial of service

WS_FTP Server, developed by Ipswitch, is an FTP server for Microsoft Windows platforms. WS_FTP Server version 4.0.2 is vulnerable to a denial of service attack. A local or remote attacker, with write privileges on a directory, could create a specially-crafted file containing a large REST argument and then issue a file upload command to consume all available disk space.

Platforms Affected:

Ipswitch, Inc.: WS_FTP Server 4.02
Microsoft Corporation: Windows 2000 Any version
Microsoft Corporation: Windows 2003 Server
Microsoft Corporation: Windows NT 4.0
Microsoft Corporation: Windows XP Any version

Remedy:

No remedy available as of March 2004.

Consequences:

Denial of Service

http://xforce.iss.net/xforce/xfdb/15560

WS_FTP Server SITE allows elevated privileges

WS_FTP Server, developed by Ipswitch, is an FTP server for Microsoft Windows platforms. WS_FTP Server version 4.0.2 could allow a local or remote attacker to gain elevated privileges on the system. A local or remote attacker with the ability to execute programs as any user could use the backdoor username and password to login and enable the options to edit user-defined SITE FTP commands, which would allow the attacker to execute programs on the system with SYSTEM level privileges.

Platforms Affected:

Ipswitch, Inc.: WS_FTP Server 4.02
Microsoft Corporation: Windows 2000 Any version
Microsoft Corporation: Windows 2003 Any version
Microsoft Corporation: Windows NT 4.0
Microsoft Corporation: Windows XP Any version

Remedy:

No remedy available as of March 2004.

Consequences:

Gain Privileges

http://xforce.iss.net/xforce/xfdb/15558

Regards

eddie
Status
Not open for further replies.
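
A defensive log check for the ALLO, REST and SITE issues listed in the post above, as an added example that is not part of the original post or of the X-Force advisories. It scans one session's client commands; the thresholds, the SITE allowlist and the sample session are assumptions constructed for illustration.

```python
import re

# Assumed limits (not from the advisories); tune them to your environment.
MAX_ARG_LEN = 64                 # longest ALLO argument treated as normal
MAX_REST_OFFSET = 2 * 1024**3    # largest restart offset treated as normal
ALLOWED_SITE = {"HELP"}          # SITE subcommands this server should serve
ALLO_RE = re.compile(r"\d+( R \d+)?")  # RFC 959: ALLO <int> [ R <int>]


def scan_session(lines):
    """Return (line_no, reason) findings for one session's client commands."""
    findings = []
    pending_rest = None  # line number of an oversized REST awaiting an upload
    for no, raw in enumerate(lines, 1):
        verb, _, arg = raw.strip().partition(" ")
        verb = verb.upper()
        if verb == "ALLO":
            if len(arg) > MAX_ARG_LEN or not ALLO_RE.fullmatch(arg):
                findings.append((no, "ALLO argument malformed or oversized"))
        elif verb == "REST":
            big = (not arg.isdecimal() or len(arg) > 19
                   or int(arg) > MAX_REST_OFFSET)
            pending_rest = no if big else None
        elif verb in ("STOR", "APPE", "STOU") and pending_rest is not None:
            findings.append((no, f"upload after large REST on line {pending_rest}"))
            pending_rest = None
        elif verb == "SITE":
            sub = arg.split(" ", 1)[0].upper()
            if sub not in ALLOWED_SITE:
                findings.append((no, f"SITE subcommand not allowlisted: {sub}"))
    return findings


# Constructed sample session (client commands only), not captured traffic.
SAMPLE = [
    "USER alice",
    "ALLO 1024",
    "ALLO " + "A" * 200,
    "REST 100",
    "STOR small.txt",
    "REST 999999999999",
    "STOR big.bin",
    "SITE HELP",
    "SITE runjob",  # hypothetical user-defined SITE command
]

if __name__ == "__main__":
    for no, reason in scan_session(SAMPLE):
        print(no, reason)
```
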