TippingPoint Zero Day Initiative

Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities

ZDI-06-029: September 26th, 2006

CVE ID

CVE-2006-5000

Affected Vendors

Ipswitch

Affected Products

WS_FTP

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ipswitch WS_FTP Server. Anonymous access or authentication is required to exploit this vulnerability.

The specific flaw exists due to a lack of bounds checking during the parsing of long string arguments to the 'XCRC', 'XSHA1' and 'XMD5' commands leading to a stack overflow vulnerability. Exploitation requires valid or anonymous FTP server credentials.

Vendor Response

Ipswitch has issued an update to correct this vulnerability. More details can be found at:

http://www.ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp

Disclosure Timeline

2006-09-01 - Vulnerability reported to vendor
2006-09-26 - Coordinated public release of advisory

Credit

This vulnerability was discovered by:

Anonymous

Published Advisories

ZDI-08-047: RealNetworks

• published 2008-07-25

ZDI-08-046: RealNetworks

• published 2008-07-25

ZDI-08-045: Apple

• published 2008-07-25

ZDI-08-044: Mozilla Firefox

• published 2008-07-17

ZDI-08-043: Sun Microsystems

• published 2008-07-17

Upcoming Advisories

Microsoft

• reported 2008-07-08, 23 days ago

EMC

• reported 2008-07-07, 24 days ago

EMC

• reported 2008-07-07, 24 days ago

Adobe

• reported 2008-07-03, 28 days ago

Symantec

• reported 2008-06-26, 35 days ago

Recent Press

Apple releases new Mac OS X 10.5.5

• published 2008-07-31, ITWire

High-priority patch fixes critical vulns in RealPlayer

• published 2008-07-25, The Register

Firefox 3.0.1 Fixes 'Carpet Bombing' Issue

• published 2008-07-17, SlashDot

iPhone and iPod Touch updated with security patches

• published 2008-07-11, CNET

Apple TV gets a security update

• published 2008-07-10, CNET