Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Windows Net Apps :: win5616.htm

WS_FTP SITE CPWD buffer overflow



9th Aug 2002 [SBWID-5616]
COMMAND

	WS_FTP SITE CPWD buffer overflow

SYSTEMS AFFECTED

	WS_FTP SERVER 3.1.1

PROBLEM

	In  Andreas   Junestam   [andreas@atstake.com]   of   atstake   advisory
	[www.atstake.com/research/advisories/2002/a080802-1.txt] :
	

	"The WS_FTP Server allows users to change their password through a  site
	command, "site cpwd". The code handling the argument supplied with  this
	site command contains an unchecked string copy, allowing an attacker  to
	overwrite the return address stored on the stack."

SOLUTION

	Install the patch provided by Ipswitch:
	

	ftp://ftp.ipswitch.com/ipswitch/product_support/WS_FTP_Server/ifs312.exe

	

	For more info, see:
	

	http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html

	


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH