lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 19 Mar 2004 20:18:38 +0900
From: nesumin <nesumin@...thome.net>
To: bugtraq@...urityfocus.com
Subject: Re[2]: ws_ftp overflow (WS_FTP Pro 8.0.3 is vulnerable)


Hi all,

It have been confirmed by Oliver Schneider that "WS_FTP Pro 8.0.3 License
Version" is also vulnerable to this vulnerability.
(Thanks! Mr. Oliver ;-)


Regards,
nesumin


-----Original Message-----
From: nesumin@...thome.net
Sent: Wed, 17 Mar 2004 00:02:10 +0900
To: john layman <john@...erteq.net>, bugtraq@...urityfocus.com
Subject: Re: ws_ftp overflow


> Hello, john,
> 
> It seems vendor has tried to prevent this stack-based buffer overflow in
> version 8.0.3.0 by limiting our data's size less than 0x0200 bytes.
> But the size of buffer which they have allocated to treat our data was
> 0x0100 bytes only.
> As far as I have tested on WS_FTP Pro 8.0.3.0 Evaluation Version,
> I could execute the code by exploiting this vulnerability.
> 
> Therefore it appears that this vulnerability has not been solved yet
> though I don't know whether "Non Evaluation Version" is vulnerable
> or not.
> 
> By the way, I had reported the same vulnerability of "WS_FTP Pro 7.6.2.0"
> and prior versions to Ipswitch in 2003/05/08 although I could not get a
> good response.
> 
> 
> Regards,
> nesumin
> 
> 
> -----Original Message-----
> From: john layman <john@...erteq.net>
> Sent: 14 Mar 2004 21:41:30 -0000
> To: bugtraq@...urityfocus.com
> Subject: ws_ftp overflow
> 
> 
> > 
> > 
> > Product: WS_FTP Pro v8.02 and probably earlier versions.
> > Vendor:  Ipswitch
> > 
> > Vendor's Product Description:
> > 
> > WS_FTP Pro is the market leader in Windows-based FTP (file transfer protocol) client software. It enables users and organizations to move files between local and remote systems while enjoying the utmost in: 
> > 
> > Problem:
> > 
> > WS_FTP Pro suffers a buffer over-run when ASCII mode directory data is passed to the client from the server, and this data exceeds 260 bytes without a terminating CR/LF.  The application crashes with an error stating "instruction at 0xNNNNNNNN has addressed memory at ..." where 0xNNNNNNNN is a value in the overflowed buffer; suggesting that it is possible to cause WS_FTP Pro to continue execution at another location in memory - arbitrary code execution (?)
> > 
> > This problem can be demonstrated by creation of a long filename or directory name (250 bytes or more) in the ftp directory on the server, connecting to it and viewing the directory listing.  
> > 
> > Fix:  
> > 
> > Ipswitch was contacted about this problem, and version 8.03 appears to have solved it.  Update!



Powered by blists - more mailing lists