lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Mar 2004 20:18:38 +0900 From: nesumin <nesumin@...thome.net> To: bugtraq@...urityfocus.com Subject: Re[2]: ws_ftp overflow (WS_FTP Pro 8.0.3 is vulnerable) Hi all, It have been confirmed by Oliver Schneider that "WS_FTP Pro 8.0.3 License Version" is also vulnerable to this vulnerability. (Thanks! Mr. Oliver ;-) Regards, nesumin -----Original Message----- From: nesumin@...thome.net Sent: Wed, 17 Mar 2004 00:02:10 +0900 To: john layman <john@...erteq.net>, bugtraq@...urityfocus.com Subject: Re: ws_ftp overflow > Hello, john, > > It seems vendor has tried to prevent this stack-based buffer overflow in > version 8.0.3.0 by limiting our data's size less than 0x0200 bytes. > But the size of buffer which they have allocated to treat our data was > 0x0100 bytes only. > As far as I have tested on WS_FTP Pro 8.0.3.0 Evaluation Version, > I could execute the code by exploiting this vulnerability. > > Therefore it appears that this vulnerability has not been solved yet > though I don't know whether "Non Evaluation Version" is vulnerable > or not. > > By the way, I had reported the same vulnerability of "WS_FTP Pro 7.6.2.0" > and prior versions to Ipswitch in 2003/05/08 although I could not get a > good response. > > > Regards, > nesumin > > > -----Original Message----- > From: john layman <john@...erteq.net> > Sent: 14 Mar 2004 21:41:30 -0000 > To: bugtraq@...urityfocus.com > Subject: ws_ftp overflow > > > > > > > > Product: WS_FTP Pro v8.02 and probably earlier versions. > > Vendor: Ipswitch > > > > Vendor's Product Description: > > > > WS_FTP Pro is the market leader in Windows-based FTP (file transfer protocol) client software. It enables users and organizations to move files between local and remote systems while enjoying the utmost in: > > > > Problem: > > > > WS_FTP Pro suffers a buffer over-run when ASCII mode directory data is passed to the client from the server, and this data exceeds 260 bytes without a terminating CR/LF. The application crashes with an error stating "instruction at 0xNNNNNNNN has addressed memory at ..." where 0xNNNNNNNN is a value in the overflowed buffer; suggesting that it is possible to cause WS_FTP Pro to continue execution at another location in memory - arbitrary code execution (?) > > > > This problem can be demonstrated by creation of a long filename or directory name (250 bytes or more) in the ftp directory on the server, connecting to it and viewing the directory listing. > > > > Fix: > > > > Ipswitch was contacted about this problem, and version 8.03 appears to have solved it. Update!
Powered by blists - more mailing lists