lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <123277447245a81130006049.47954328.Active.mail@poczta.nazwa.pl>
Date: Fri, 12 Jan 2007 23:52:32 +0100
From: sapheal@...k.pl
To: bugtraq@...urityfocus.com
Subject: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability

Synopsis: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability
Product: Ipswitch WS_FTP 2007 Professional 


Issue and details:
===========

The vulnerability was found in wsbho2k0.dll. Function Open ( String ) when given a long argument leads to memory corruption conditions. However, as the issue involves the control
that is not marked safe for scripting nor for initialization, it cannot be exploited remotely. Moreover, as for know I have not proved it is exploitable.


Unhandled exception at 0x7c840a81 in wsftpurl.exe: 0xC0000005: Access violation reading location 0x41414141.

In order to analyze the vulnerability one might execute wsftpurl.exe with a long argument. 


When providing a specially crafted string:
"A buffer overrun has been detected which overrun program's internal state".


Additional information:
==============

As for now I am not aware of any exploits for this issue or even proofs that it is exploitable. 


Kind regards,

Michal Bucko (sapheal)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ