Vulnerabilities > CVE-2004-1135 - Denial-Of-Service vulnerability in Ipswitch WS FTP Server 5.03

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
ipswitch
nessus
exploit available
metasploit
NVD
Published: 2005-01-10
Updated: 2017-07-11

Summary

Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands.

Vulnerable Configurations

Part Description Count
Application
Ipswitch
1

Exploit-Db

  • descriptionWS-FTP Server 5.03 MKD Overflow. CVE-2004-1135. Remote exploit for windows platform
    idEDB-ID:16719
    last seen2016-02-02
    modified2010-10-05
    published2010-10-05
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16719/
    titleWS-FTP Server 5.03 MKD Overflow
  • descriptionWS_FTP Server <= 5.03 MKD Remote Buffer Overflow Exploit. CVE-2004-1135. Dos exploit for windows platform
    idEDB-ID:664
    last seen2016-01-31
    modified2004-11-29
    published2004-11-29
    reporterNoPh0BiA
    sourcehttps://www.exploit-db.com/download/664/
    titleWS_FTP Server <= 5.03 MKD Remote Buffer Overflow Exploit

Metasploit

descriptionThis module exploits the buffer overflow found in the MKD command in IPSWITCH WS_FTP Server 5.03 discovered by Reed Arvin.
idMSF:EXPLOIT/WINDOWS/FTP/WSFTP_SERVER_503_MKD
last seen2020-06-01
modified2017-07-24
published2005-11-27
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1135
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/ftp/wsftp_server_503_mkd.rb
titleWS-FTP Server 5.03 MKD Overflow

Nessus

NASL familyFTP
NASL idWSFTP_OVERFLOWS2.NASL
description According to its version number, the remote WS_FTP server is vulnerable to multiple buffer overflows which may be used by an attacker to execute arbitrary code on the remote system.
last seen2020-06-01
modified2020-06-02
plugin id15857
published2004-11-30
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/15857
titleWS_FTP Server Multiple Command Remote Overflow DoS
code
#
# (C) Tenable Network Security
#

include("compat.inc");

if(description)
{
 script_id(15857);
 script_bugtraq_id(11772);
 script_cve_id("CVE-2004-1135");
 script_version ("1.14");

 script_name(english:"WS_FTP Server Multiple Command Remote Overflow DoS");
 script_set_attribute(attribute:"synopsis", value:"The remote FTP server is affected by a buffer overflow vulnerability");
 script_set_attribute(attribute:"description", value:"
According to its version number, the remote WS_FTP server is
vulnerable to multiple buffer overflows which may be used by an
attacker to execute arbitrary code on the remote system.");
 script_set_attribute(attribute:"solution", value:"Upgrade to the latest version of this software.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"metasploit_name", value:'WS-FTP Server 5.03 MKD Overflow');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2004/11/30");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/11/29");
 script_cvs_date("Date: 2018/08/07 16:46:50");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 summary["english"] = "Check WS_FTP server version";
  script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 
 script_family(english:"FTP");
 script_dependencie("ftpserver_detect_type_nd_version.nasl");
 script_require_ports("Services/ftp", 21);
 
 exit(0);
}

#

include ("ftp_func.inc");

port = get_ftp_port(default: 21);
banner = get_ftp_banner(port:port);
if ( ! banner ) exit(1);

if (egrep(pattern:"WS_FTP Server ([0-4]\.|5\.0\.[0-3][^0-9])", string: banner))
	security_hole(port);

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/83216/wsftp_server_503_mkd.rb.txt
idPACKETSTORM:83216
last seen2016-12-05
published2009-11-26
reporterEfrain Torres
sourcehttps://packetstormsecurity.com/files/83216/WS-FTP-Server-5.03-MKD-Overflow.html
titleWS-FTP Server 5.03 MKD Overflow

Saint

bid11772
descriptionWS_FTP MKD command buffer overflow
idftp_wsftpver
osvdb12509
titlews_ftp_mkd_bo
typeremote

References