PT-2004-2782 · Ipswitch · Ipswitch Ws Ftp Server

Hugh Mann · Published 2004-12-31 · Updated 2023-10-11 · CVE-2004-1883

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Ipswitch WS FTP Server version 4.0.2

Description

The issue involves multiple buffer overflows that allow remote authenticated users to execute arbitrary code. This can be achieved by causing a large error string to be generated by the ALLO handler or by inserting a long hostname or username into a reply to a STAT command while a file is being transferred.

Recommendations

For Ipswitch WS FTP Server version 4.0.2, consider disabling the ALLO handler and restricting access to the STAT command as temporary workarounds until a patch is available. Restrict access to the server to minimize the risk of exploitation.

Exploit

Fix

Related Identifiers

CVE-2004-1883

Affected Products

Ipswitch Ws Ftp Server