lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <5af2baf6d7820b1c96ce274b9fdc5005.qmail@home.pl>
Date: Sat, 21 Apr 2007 22:42:26 +0200
From: "Michal Bucko" <michal.bucko@...k.pl>
To: bugtraq@...urityfocus.com
Subject: WS_FTP Home 2007 NetscapeFTPHandler denial of service

Synopsis:  WS_FTP Home 2007 NetscapeFTPHandler denial of service 
Product:   WS_FTP Home 2007


Author:    Michal Bucko (sapheal)

Issue:
======

WS_FTP Home 2007 NetscapeFTPHandler is prone to a denial of service
vulnerability. The vulnerability stems from null pointer dereference.


ESI 00000000

75DC3E09	MOVZX EAX,WORD PTR [ESI]	



The vulnerability can be triggered by the execution of a function
with improper arguments:

int Initialize ( char *str1, char *str2)  


By the way, WS_FTP server cannot deal with WS_FTP's secure loader - I found
a few other probable problems regarding WS_FTP but, still, couldn't verify 
those. Exception occurs and information appears on the screen. The problem
lies, for the second time, in null pointer dereference. I am probalby going 
to give more information at hack.pl as soon I fully understand the issue 
with 
WS_FTP.

rgds,

michal


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ