lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <0836e31fa577f62a61522be5543232f8.qmail@home.pl>
Date: Thu, 01 Feb 2007 15:12:12 +0100
From: "Michal Bucko" <michal.bucko@...k.pl>
To: bugtraq@...urityfocus.com
Subject: Ipswitch WS_FTP Server 5.04 multiple arbitrary code execution 
	vulnerabilities


Synopsis: Ipswitch WS_FTP Server 5.04 multiple arbitrary code execution 
vulnerabilities

Michal Bucko (sapheal), HACKPL.


I. BACKGROUND
"[..]WS_FTP Server is commonly used for setting up an FTP server that 
allows
users to login, download and upload files.[..]", note from Ipswitch web 
site.

II. DESCRIPTION
     
The first Vulnerability lies in iFTPAddU file, which is a part of the 
WS_FTP Server
and allows adding a new user. The iFTPAddU user-adding function cannot 
handle longer
than acceptable strings (it informs that the provided string is too long 
but fails 
to react in an appropriate way). The second vulnerability lies in iFTPAddH, 
which is 
also the part of WS_FTP Server. It is similar to the mentioned above. The 
third vulnerability lies in a edition module. There are local hostnames 
that can be added using iFTPAddH but the WS_FTP Server user cannot modify 
them or delete as the application fails to perform adequate bounds-checks 
on user-supplied input.

Morever, Ipswitch Notification Server might also be vulnerable to remote 
arbitrary code execution but, still, I haven't proved that yet. 



III. IMPACT

Successful exploitation of the vulnerability allows the
attacker to run arbitrary code in context of current user.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ