ws_ftp overflow




Product: WS_FTP Pro v8.02 and probably earlier versions.
Vendor:  Ipswitch

Vendor's Product Description:

WS_FTP Pro is the market leader in Windows-based FTP (file transfer protocol) 
client software. It enables users and organizations to move files between local 
and remote systems while enjoying the utmost in: 

Problem:

WS_FTP Pro suffers a buffer overrun when ASCII mode directory data is passed 
to the client from the server and this data exceeds 260 bytes without a 
terminating CR/LF.  The application crashes with an error stating "instruction 
at 0xNNNNNNNN has addressed memory at ..." where 0xNNNNNNNN is a value in the 
overflowed buffer, suggesting that it is possible to cause WS_FTP Pro to 
continue execution at another location in memory - arbitrary code execution (?)

This problem can be demonstrated by creating a long filename or directory 
name (250 bytes or more) in the ftp directory on the server, connecting to it 
and viewing the directory listing.  

Fix:  

Ipswitch was contacted about this problem, and version 8.03 appears to have 
solved it.  Update!
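
The class of bug described under "Problem", shown from the defensive side as an added example (not code from WS_FTP Pro or from this advisory): a listing-line reader that refuses any line that does not fit its buffer before a CR/LF arrives. The 260-byte buffer size is assumed from the figure above; the function names, result codes and sample input are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define LINE_BUF 260  /* assumed size, from the 260-byte figure in the advisory */

enum { LINE_OK, LINE_NEED_MORE, LINE_TOO_LONG };  /* hypothetical result codes */

/* Copy one CR/LF-terminated listing line from data[0..len) into out.
 * The failing pattern copies until CR/LF with no length check; this version
 * refuses any line that does not fit in out together with its NUL. */
int next_listing_line(const char *data, size_t len,
                      char out[LINE_BUF], size_t *consumed)
{
    *consumed = 0;
    for (size_t i = 0; i < len; i++) {
        if (data[i] == '\n') {
            size_t n = (i > 0 && data[i - 1] == '\r') ? i - 1 : i;
            if (n >= LINE_BUF)
                return LINE_TOO_LONG;
            memcpy(out, data, n);
            out[n] = '\0';
            *consumed = i + 1;          /* line plus its terminator */
            return LINE_OK;
        }
        if (i >= LINE_BUF)
            return LINE_TOO_LONG;       /* no terminator within the limit */
    }
    return LINE_NEED_MORE;              /* caller should read more data first */
}

/* Constructed input: name_len 'A' bytes, optionally followed by CR/LF. */
int classify_constructed(size_t name_len, int terminated)
{
    static char data[1024];
    char out[LINE_BUF];
    size_t used, len = name_len;

    if (name_len > sizeof data - 2)
        return -1;
    memset(data, 'A', name_len);
    if (terminated) {
        data[len++] = '\r';
        data[len++] = '\n';
    }
    return next_listing_line(data, len, out, &used);
}
```

A client using this pattern would treat LINE_TOO_LONG as a protocol error and drop the listing rather than truncate silently.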