PT-2007-2120 · Ipswitch · Ipswitch Ws Ftp Server
Published: 2007-02-02 · Updated: 2018-10-16 · CVE-2007-0666
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Ipswitch WS FTP Server version 5.04
Description
The issue allows FTP site administrators to execute arbitrary code on the system by supplying a long input string to (1) the iFTPAddU file, (2) the iFTPAddH file, or (3) an edition module.
Recommendations
For Ipswitch WS FTP Server version 5.04, consider restricting access to the iFTPAddU and iFTPAddH files, as well as the edition module, to minimize the risk of exploitation. As a temporary workaround, limit the input string length to prevent arbitrary code execution until a patch is available.
Fix
Related Identifiers
Affected Products
Ipswitch Ws Ftp Server