SAINT CorporationSAINT:A7A10CF11E7898FAA68D50F552ECF42DWS_FTP XCRC buffer overflow
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.969 High
EPSS
Percentile
99.7%
Added: 09/22/2006
CVE: CVE-2006-4847
BID: 20076
OSVDB: 28939
Background
WS_FTP Server is an FTP server for Windows platforms.
Problem
Buffer overflows in multiple FTP commands allow an authenticated attacker to execute arbitrary commands.
Resolution
Upgrade to WS_FTP Server 5.05 Hotfix 1.
References
<http://secunia.com/advisories/21932>
Limitations
Exploit works on WS_FTP Server 5.05 and requires a valid FTP user and password.
Platforms
Windows NT 4.0 SP3
Windows NT 4.0 SP4
Windows NT 4.0 SP5
Windows NT 4.0 SP6 / Windows NT 4.0
Windows 2000 SP0
Windows 2000 SP1
Windows 2000 SP2
Windows 2000 SP3
Windows 2000 SP4 / Windows 2000
Windows XP SP0
Windows XP SP1
Windows XP SP2 / Windows XP
Windows Server 2003
Related
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.969 High
EPSS
Percentile
99.7%