August 12th, 2002, 03:11 PM
Ipswitch WS_FTP Server 3.1.1 vulnerability
This from Security Wire Digest today (08/12/2002):
"*FTP FLAW COULD ALLOW REMOTE CODE EXECUTION
By SWD Staff
Warning of a remote code execution vulnerability in the Ipswitch WS_FTP Server 3.1.1, security consultancy @stake last Thursday recommended affected users patch their systems.
Widely used on the Microsoft NT/2000/XP platforms, an unchecked string copy flaw in the software could allow an attacker to overwrite the return address stored on the stack and remotely run arbitrary code.
Ipswitch has issued a patch and also recommends turning off all unused features and running the software under a less-privileged account. http:http://www.atstake.com/research/advi.../a080802-1.txt