CVE-2001-1021 - Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments

CVE-2001-1021

Summary

Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD.

References

http://archives.neohapsis.com/archives/bugtraq/2001-07/0610.html
http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6911

Vulnerable Configurations

cpe:2.3:a:progress:ws_ftp_server:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:progress:ws_ftp_server:2.0.2:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-10-2023 - 14:45)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bugtraq	20010726 def-2001-28 - WS_FTP server 2.0.2 Buffer Overflow and possible DOS
misc	http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html
xf	wsftp-long-command-bo(6911)

Last major update

11-10-2023 - 14:45

Published

26-07-2001 - 04:00

Last modified

11-10-2023 - 14:45