CesarFTP Multiple Vulnerabilities (OF, File Access, more)

high Nessus Plugin ID 11755

Language:

Synopsis

The remote FTP server is affected by multiple flaws.

Description

The remote host is running CesarFTP, an FTP server for Windows systems.

There are multiple flaws in this version of CesarFTP that could allow an attacker to execute arbitrary code on this host, or simply to disable this server remotely.

Solution

Remove the software as it has not been updated since 2002.

See Also

https://seclists.org/bugtraq/2001/May/248

http://www.nessus.org/u?9d02484f

http://www.securiteam.com/exploits/5ZP0C0AIUA.html

Plugin Details

Severity: High

ID: 11755

File Name: cesarftp_overflows.nasl

Version: 1.31

Type: remote

Family: FTP

Published: 6/18/2003

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/28/2001

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Cesar FTP 0.99g MKD Command Buffer Overflow)

Reference Information

CVE: CVE-2001-0826, CVE-2001-1335, CVE-2001-1336, CVE-2003-0329, CVE-2004-0298, CVE-2006-2961

BID: 2785, 2786, 2972, 7946, 7950, 9666, 18586