CVE-2006-5000

Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities

Severity Score

6.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue.

Múltiples desbordamientos de búfer en WS_FTP Server 5.05 anterior a Hotfix 1, y posiblemente otras versiones anteriores a la 5.0, tienen impacto y vectores de ataque remotos autenticados desconocidos mediante los comandos (1) XCRC, (2) XMD5, y (3) XSHA1. NOTA: en la publicación anterior de este identificador en 26/09/2006, la descripción fue usada por el asunto equivocado.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ipswitch WS_FTP Server. Anonymous access or authentication is required to exploit this vulnerability.
The specific flaw exists due to a lack of bounds checking during the parsing of long string arguments to the 'XCRC', 'XSHA1' and 'XMD5' commands leading to a stack overflow vulnerability. Exploitation requires valid or anonymous FTP server credentials.

*Credits: Anonymous

CVSS Scores

NISTv2 6.5

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-09-26 CVE Reserved
2006-09-26 CVE Published
2024-06-01 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
http://securitytracker.com/id?1016935	Vdb Entry
http://www.securityfocus.com/archive/1/447077/100/0/threaded	Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/41829	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://www.ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp	2023-10-11

URL	Date	SRC
http://www.zerodayinitiative.com/advisories/ZDI-06-029.html	2023-10-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ipswitch Search vendor "Ipswitch"		Ws Ftp Server Search vendor "Ipswitch" for product "Ws Ftp Server"				5.02 Search vendor "Ipswitch" for product "Ws Ftp Server" and version "5.02"		-		Affected
Ipswitch Search vendor "Ipswitch"		Ws Ftp Server Search vendor "Ipswitch" for product "Ws Ftp Server"				5.03 Search vendor "Ipswitch" for product "Ws Ftp Server" and version "5.03"		-		Affected
Ipswitch Search vendor "Ipswitch"		Ws Ftp Server Search vendor "Ipswitch" for product "Ws Ftp Server"				5.05 Search vendor "Ipswitch" for product "Ws Ftp Server" and version "5.05"		-		Affected
Progress Search vendor "Progress"		Ws Ftp Server Search vendor "Progress" for product "Ws Ftp Server"				5.0.2 Search vendor "Progress" for product "Ws Ftp Server" and version "5.0.2"		-		Affected