Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: FTP Vulnerability & Accompanying Activity - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
FTP Vulnerability & Accompanying Activity
FTP Vulnerability and activity

With a significant increase in Port 21 traffic over the past few days;

Coupled with a release by Secunia regarding WS_FTP;

@ Secunia:

Release Date: 2004-11-30

WS_FTP Server FTP Commands Buffer Overflow Vulnerabilities



Highly critical

Impact: System access

Where: From remote

Solution Status: Unpatched

Software: WS_FTP Server 3.x

WS_FTP Server 4.x

WS_FTP Server 5.x

Successful exploitation allows execution of arbitrary code.

The vulnerabilities have been confirmed in version 5.03. Other versions may
also be affected.

NOTE: Exploit code has been published.

This creates a situation in which we have a known vulnerability actively being searched and, possibly, successfully compromise of systems.


A good policy would go a long way in protecting against this vulnerability. Grant only trusted users access to a vulnerable server, and Filter overly long arguments in a FTP proxy.

Tony Carothers

Handler on Duty

with help from P. Noli.... er, Nolan

150 Posts
ISC Handler
Dec 6th 2004

Sign Up for Free or Log In to start participating in the conversation!