Bugtraq mailing list archives
ws_ftp overflow
From: john layman <john () interteq net>
Date: 14 Mar 2004 21:41:30 -0000
Product: WS_FTP Pro v8.02 and probably earlier versions. Vendor: Ipswitch Vendor's Product Description: WS_FTP Pro is the market leader in Windows-based FTP (file transfer protocol) client software. It enables users and organizations to move files between local and remote systems while enjoying the utmost in: Problem: WS_FTP Pro suffers a buffer over-run when ASCII mode directory data is passed to the client from the server, and this data exceeds 260 bytes without a terminating CR/LF. The application crashes with an error stating "instruction at 0xNNNNNNNN has addressed memory at ..." where 0xNNNNNNNN is a value in the overflowed buffer; suggesting that it is possible to cause WS_FTP Pro to continue execution at another location in memory - arbitrary code execution (?) This problem can be demonstrated by creation of a long filename or directory name (250 bytes or more) in the ftp directory on the server, connecting to it and viewing the directory listing. Fix: Ipswitch was contacted about this problem, and version 8.03 appears to have solved it. Update!
Current thread:
- ws_ftp overflow john layman (Mar 15)
- Re: ws_ftp overflow nesumin (Mar 16)
- Re[2]: ws_ftp overflow (WS_FTP Pro 8.0.3 is vulnerable) nesumin (Mar 19)
- Re: ws_ftp overflow nesumin (Mar 16)