lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20040314214130.8979.qmail@www.securityfocus.com>
Date: 14 Mar 2004 21:41:30 -0000
From: john layman <john@...erteq.net>
To: bugtraq@...urityfocus.com
Subject: ws_ftp overflow




Product: WS_FTP Pro v8.02 and probably earlier versions.
Vendor:  Ipswitch

Vendor's Product Description:

WS_FTP Pro is the market leader in Windows-based FTP (file transfer protocol) client software. It enables users and organizations to move files between local and remote systems while enjoying the utmost in: 

Problem:

WS_FTP Pro suffers a buffer over-run when ASCII mode directory data is passed to the client from the server, and this data exceeds 260 bytes without a terminating CR/LF.  The application crashes with an error stating "instruction at 0xNNNNNNNN has addressed memory at ..." where 0xNNNNNNNN is a value in the overflowed buffer; suggesting that it is possible to cause WS_FTP Pro to continue execution at another location in memory - arbitrary code execution (?)

This problem can be demonstrated by creation of a long filename or directory name (250 bytes or more) in the ftp directory on the server, connecting to it and viewing the directory listing.  

Fix:  

Ipswitch was contacted about this problem, and version 8.03 appears to have solved it.  Update!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ