lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3da3d8310701161241u159af35axef000281019959d5@mail.gmail.com>
Date: Tue, 16 Jan 2007 15:41:12 -0500
From: "Eliah Kagan" <degeneracypressure@...il.com>
To: bugtraq@...urityfocus.com
Subject: Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability

On 1/14/07, 3APA3A wrote:
> Pretending  this  vulnerability  IS exploitable, what is security impact
> from  it? What can you achieve by exploiting this vulnerability you cant
> archive without it?

This is a very relevant question, as it appears from the description
that the vulnerability *is* exploitable--for instance if WS_FTP 2007
handles ftp:// URLs (in whatever browser the user is using) and the
user clicks a link with a specially crafted, really long ftp:// URL
(or if the user is told to paste in a ftp:// link and follows the
instructions). That it is not remotely exploitable in some ways does
not necessarily prevent it from being exploitable by an automatic,
off-site mechanism (e.g. a link on a website) in other, more basic
ways requiring simple user interaction. So it could be remotely
exploitable after all.

On the other hand, most people don't tell their browsers to open up a
separate application to handle ftp:// links.

-Eliah

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ