|
Bugtraq
mailing list archives
ws_ftp overflow
From: john layman <john () interteq net>
Date: 14 Mar 2004 21:41:30 -0000
Product: WS_FTP Pro v8.02 and probably earlier versions.
Vendor: Ipswitch
Vendor's Product Description:
WS_FTP Pro is the market leader in Windows-based FTP (file transfer protocol) client software. It enables users and
organizations to move files between local and remote systems while enjoying the utmost in:
Problem:
WS_FTP Pro suffers a buffer over-run when ASCII mode directory data is passed to the client from the server, and this
data exceeds 260 bytes without a terminating CR/LF. The application crashes with an error stating "instruction at
0xNNNNNNNN has addressed memory at ..." where 0xNNNNNNNN is a value in the overflowed buffer; suggesting that it is
possible to cause WS_FTP Pro to continue execution at another location in memory - arbitrary code execution (?)
This problem can be demonstrated by creation of a long filename or directory name (250 bytes or more) in the ftp
directory on the server, connecting to it and viewing the directory listing.
Fix:
Ipswitch was contacted about this problem, and version 8.03 appears to have solved it. Update!
 By Date 
By Thread
Current thread:
- ws_ftp overflow john layman (Mar 15)
| 
Intro
