Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

WS_FTP 2007 Professional SCP handling format string vulnerability
From: "Michal Bucko" <michal.bucko () hack pl>
Date: Fri, 26 Jan 2007 23:55:08 +0100
Synopsis: WS_FTP 2007 Professional SCP handling format string vulnerability
Product: WS_FTP 2007 Professional
Vendor: Ipswitch
 
 
 
I. Background
 
 
 
"[..]Transfer files anywhere, anytime, with complete security.
 
    * Lightning fast transfer speeds
    * Industry leading security
    * Time saving features include schedule, backup, and email 
notifications[..]"
 
 
 
II. Problem Description
Remote code execution is possible.
 
III. Details
SCP handling module is vulnerable to format string vulnerability.
Opening a specially crafted SCP file with WS_FTP 2007 script handler
might lead to arbitrary code execution. The specially crafted file 
uses the WS_FTP script command "SHELL" and executes the file with
the specially crafted name. The file is access using "file://".
 
 
 

Kind regards,
 
Michal Bucko (sapheal)

  By Date           By Thread  

Current thread:
  • WS_FTP 2007 Professional SCP handling format string vulnerability Michal Bucko (Jan 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]