OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: _at_stake advisories (_at_stake)
Date: Thu Aug 08 2002 - 11:16:30 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

                                   stake, Inc.
                                 www.atstake.com

                                Security Advisory

    Advisory Name: WS_FTP SITE CPWD Buffer Overflow vulnerability
     Release Date: 08/08/2002
      Application: WS_FTP SERVER 3.1.1
         Platform: Windows NT/2000/XP
         Severity: A buffer overflow occurs allowing the
                   remote execution of arbitrary code
           Author: Andreas Junestam (andreasatstake.com)
    Vendor Status: Patch is released
    CVE Candidate: CAN-2002-0826
        Reference: www.atstake.com/research/advisories/2002/a080802-1.txt

    Overview:

    WS_FTP Server is a widely used FTP Server for the Microsoft
    NT/2000/XP platform.

    There exists a vulnerability within the software, which allows an
    attacker to overwrite the return address on the stack, thus taking
    control of the execution flow. This allows the attacker to run
    arbitrary code on the system remotely

    Detailed Description:

    The WS_FTP Server allows users to change their password through
    a site command, "site cpwd". The code handling the argument supplied
    with this site command contains an unchecked string copy, allowing
    an attacker to overwrite the return address stored on the stack.
    Since the WS_FTP Server is running as a service, in most cases it will
    be executing as SYSTEM.

    The feature to allow user to change their passwords is enabled by
    deafult, but it is possible for a WS_FTP Server administrator to turn
    this functionality off.

    Vendor Response:

    This issue was reported to Ipswitch on July 25, 2002 and a patch was
    produced short thereafter.

    Recommendation:

    Install the patch provided by Ipswitch:
    ftp://ftp.ipswitch.com/ipswitch/product_support/WS_FTP_Server/ifs312.exe

    For more info, see:
    http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html

    Also, consider turning off all unused features and run the software
    under a less privileged account.

    Common Vulnerabilities and Exposures (CVE) Information:

    The Common Vulnerabilities and Exposures (CVE) project has
    assigned the following names to these issues. These are candidates for
    inclusion in the CVE list (http://cve.mitre.org), which standardizes
    names for security problems.

      CAN-2002-0926 WS_FTP SITE CPWD Buffer Overflow vulnerability

    stake Vulnerability Reporting Policy:
    http://www.atstake.com/research/policy/

    stake Advisory Archive:
    http://www.atstake.com/research/advisories/

    PGP Key:
    http://www.atstake.com/research/pgp_key.asc

    Copyright 2002 stake, Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0.3

    iQA/AwUBPVJ5SEe9kNIfAm4yEQJ45QCg8ZQeT5YBnM+M828g4/ADvDjQhqsAoLBj
    8/7ChofztBBYnruT3tu62Kgr
    =WJ3k
    -----END PGP SIGNATURE-----