Vulnerabilities > CVE-2004-0695 - Remote Security vulnerability in WebSTAR

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
4d
nessus
exploit available
metasploit

Summary

Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 and earlier allows remote attackers to execute arbitrary code via a long FTP command.

Exploit-Db

  • description: WebSTAR FTP Server. CVE-2004-0695. Remote exploit for osx platform
    id: EDB-ID:9928
    last seen: 2016-02-01
    modified: 2004-07-13
    published: 2004-07-13
    reporter: ddz
    source: https://www.exploit-db.com/download/9928/
    title: WebSTAR FTP Server <= 5.3.2 - USER Overflow OS X
  • description: WebSTAR FTP Server USER Overflow. CVE-2004-0695. Remote exploit for osx platform
    id: EDB-ID:16872
    last seen: 2016-02-02
    modified: 2010-09-20
    published: 2010-09-20
    reporter: metasploit
    source: https://www.exploit-db.com/download/16872/
    title: WebSTAR FTP Server USER Overflow

Metasploit

description: This module exploits a stack buffer overflow in the logging routine of the WebSTAR FTP server. Reliable code execution is obtained by a series of hops through the System library.
id: MSF:EXPLOIT/OSX/FTP/WEBSTAR_FTP_USER
last seen: 2020-06-04
modified: 2017-07-24
published: 2005-11-25
references: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0695
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/osx/ftp/webstar_ftp_user.rb
title: WebSTAR FTP Server USER Overflow

Nessus

NASL family: FTP
NASL id: 4D_WEBSTAR_FTP_OVERFLOW.NASL
description: There is a buffer overflow condition in the remote version of 4D WebStar FTP Server installed on the remote host. An attacker may exploit this flaw to execute arbitrary code on the remote host with the privileges of the FTP server (root).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 14195
published: 2004-08-03
reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/14195
title: 4D WebStar Pre-authentication FTP Overflow
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration stanza: runs only when the plugin is loaded with `description`
# set.  It declares the plugin's identity, risk metadata and scheduling
# constraints, then exits before any network check is performed.
if (description)
{
  # Identity and cross-references (CVE / Bugtraq).
  script_id(14195);
  script_cve_id("CVE-2004-0695");
  script_bugtraq_id(10720);
  script_version("1.19");

  script_name(english:"4D WebStar Pre-authentication FTP Overflow");

  # Human-readable finding text shown in scan reports.
  script_set_attribute(attribute:"synopsis", value:
"The FTP server is affected by a buffer overflow vulnerability." );
  script_set_attribute(attribute:"description", value:
"There is a buffer overflow condition in the remote version of 4D
WebStar FTP Server installed on the remote host.  An attacker may
exploit this flaw to execute arbitrary code on the remote host with
the privileges of the FTP server (root)." );
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2004/Jul/130");
  script_set_attribute(attribute:"solution", value:
"Upgrade to 4D WebStar 5.3.3 or later." );

  # CVSS v2 base vector: network reachable, low complexity, no authentication,
  # complete C/I/A impact -- in line with the description's statement that the
  # FTP server runs as root.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  # Temporal vector: functional exploit (E:F), official fix (RL:OF),
  # confirmed report (RC:C).
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");

  # Exploitability flags used for prioritisation.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'WebSTAR FTP Server USER Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  # Publication and revision dates.
  script_set_attribute(attribute:"plugin_publication_date", value: "2004/08/03");
  script_set_attribute(attribute:"vuln_publication_date", value: "2004/07/13");
  script_cvs_date("Date: 2018/11/15 20:50:22");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_summary(english:"Checks for 4D FTP Server");

  # Information-gathering category: the check in this file only reads
  # service banners.
  script_category(ACT_GATHER_INFO);

  script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
  script_family(english:"FTP");

  # Scheduled after the HTTP and FTP fingerprinting plugins named here, and
  # only for hosts where a web or FTP port is a candidate.
  script_dependencie("http_version.nasl", "ftpserver_detect_type_nd_version.nasl");
  script_require_ports("Services/www", 80, "Services/ftp", 21);
  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("ftp_func.inc");


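# Banner-only detection: nothing is sent that exercises the overflow.
# 4D runs both FTP and WWW on the same host, so the product version is read
# from the HTTP Server header and the FTP banner is used only to confirm that
# the FTP service is exposed.  Banners can be altered or suppressed, so a hit
# should be verified against the installed version and a miss is inconclusive.
port = get_http_port(default:80);

banner = get_http_banner(port:port);
if ( ! banner ) exit(0);

# Example header: Server: 4D_WebSTAR_S/5.3.3 (MacOS X)
# The pattern flags 0.x-4.x, 5.0.x-5.2.x and 5.3.0-5.3.2 (the solution text
# gives 5.3.3 as the fixed release).  [^/]* rather than .* ties the version to
# the first "/" after the product token, so a later "name/1.2"-style token on
# the same header line cannot make a fixed server look vulnerable.
# NOTE(review): a two-component version such as "5.3" (no patch level) is not
# matched -- confirm whether WebSTAR ever reports one.
if ( "4D_WebSTAR" >< banner &&
     egrep(pattern:"^Server: 4D_WebSTAR[^/]*/([0-4]\.|5\.([0-2]\.|3\.[0-2][^0-9]))", string:banner) )
{
 port = get_ftp_port(default: 21);
 ftpbanner = get_ftp_banner(port:port);
 # Without an FTP banner the exposed service cannot be confirmed; stop here
 # instead of handing an empty value to egrep().
 if ( ! ftpbanner ) exit(0);
 # This greeting is generic; it is only meaningful together with the HTTP
 # version match above.
 if (egrep(string:ftpbanner, pattern:"^220 FTP server ready\."))
 {
  # Reported against the FTP port, where the flaw lives.
  security_hole(port);
 }
}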

Packetstorm

data source: https://packetstormsecurity.com/files/download/82308/webstar_ftp_user.rb.txt
id: PACKETSTORM:82308
last seen: 2016-12-05
published: 2009-10-28
reporter: H D Moore
source: https://packetstormsecurity.com/files/82308/WebSTAR-FTP-Server-USER-Overflow.html
title: WebSTAR FTP Server USER Overflow