CVE-2004-1885

Name of the Vulnerable Software and Affected Versions Ipswitch WS FTP Server version 4.0.2

Description The issue allows remote authenticated users to execute arbitrary programs as SYSTEM. This is achieved by using the SITE command to modify certain iFtpSvc options handled by iftpmgr.exe.

Recommendations For Ipswitch WS FTP Server version 4.0.2, consider restricting access to the SITE command until a patch is available. As a temporary workaround, limit the execution of arbitrary programs by modifying the iFtpSvc options to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.