WFTPD APPE Command Buffer Overflow

medium Nessus Plugin ID 24671

Synopsis

The remote FTP server is affected by a buffer overflow vulnerability.

Description

The remote host appears to be using WFTPD, an FTP server for Windows.

The version of WFTPD installed on the remote host contains a stack-based buffer overflow vulnerability. An authenticated, possibly anonymous, user can exploit it with a specially crafted APPE command to crash the affected application or execute arbitrary code on the affected host.

Solution

Unknown at this time.

See Also

https://seclists.org/fulldisclosure/2006/Nov/108

Plugin Details

Severity: Medium

ID: 24671

File Name: wftpd_appe_overflow.nasl

Version: 1.20

Type: remote

Family: FTP

Published: 2/19/2007

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:L/Au:M/C:P/I:P/A:P

Vulnerability Information

Required KB Items: ftp/login, ftp/password

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 11/8/2006

Reference Information

CVE: CVE-2006-5826

BID: 20942