GEN:SID 1:1379
Message FTP STAT overflow attempt
Summary This event is generated when an attempt is made to exploit a buffer
overflow vulnerability associated with IPSWITCH WS_FTP server for
Windows hosts.
Impact Remote administrator access.  A successful attack can allow remote
execution of arbitrary commands with privileges of administrator.
Detailed Information A buffer overflow exists in WS_FTP server that may permit the execution
of arbitrary commands with the privileges of administrator.  The exploit
can be generated by FTP client sending a STAT command accompanied by an
argument greater than 479 bytes long.  This exploit requires login
access to the FTP server.
Affected Systems Hosts running WS_FTP server 2.0.3.
Attack Scenarios An attacker may login to a vulnerable WS_FTP server and supply an overly
long file argument to cause a buffer overflow, allowing execution of
arbitrary commands with the privileges of administrator.
Ease of Attack Simple.  
Corrective Action Upgrade to the latest non-affected version of the software.
Additional References Security Focus:
http://www.securityfocus.com/advisories/3641
Rule References bugtraq: 3507
bugtraq: 8542
cve: 2001-0325
cve: 2001-1021
url: labs.defcom.com/adv/2001/def-2001-31.txt