CVE-2006-5000

Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp	Patch
http://www.zerodayinitiative.com/advisories/ZDI-06-029.html	Vendor Advisory
http://securitytracker.com/id?1016935
https://exchange.xforce.ibmcloud.com/vulnerabilities/41829
http://www.securityfocus.com/archive/1/447077/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:progress:ipswitch_ws_ftp_server:5.0.2:::::::*
	cpe:2.3:a:ipswitch:ws_ftp_server:5.02:::::::*
	cpe:2.3:a:ipswitch:ws_ftp_server:5.03:::::::*
	cpe:2.3:a:ipswitch:ws_ftp_server:5.05:::::::*

Information

Published : 2006-09-26 13:07

Updated : 2019-08-13 07:39

NVD link : CVE-2006-5000

Mitre link : CVE-2006-5000

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

ipswitch

ws_ftp_server

progress

ipswitch_ws_ftp_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp", "name": "http://www.ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-029.html", "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-029.html", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://securitytracker.com/id?1016935", "name": "1016935", "tags": [], "refsource": "SECTRACK"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41829", "name": "wsftp-multiple-commands-bo(41829)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/447077/100/0/threaded", "name": "20060926 ZDI-06-029: Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-5000", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-09-26T20:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:progress:ipswitch_ws_ftp_server:5.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp_server:5.02:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp_server:5.03:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp_server:5.05:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-08-13T14:39Z"}