SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   WS_FTP Pro Vendors:   Ipswitch
WS_FTP Pro ASCII Mode Directory Listing Buffer Overflow May Let Remote Servers Execute Arbitrary Code
SecurityTracker Alert ID:  1009424
SecurityTracker URL:  http://securitytracker.com/id/1009424
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Apr 3 2004
Original Entry Date:  Mar 15 2004
Impact:   Execution of arbitrary code via network, User access via network
Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 8.02
Description:   A buffer overflow vulnerability was reported in the WS_FTP Pro client software. A remote server may be able to cause arbitrary code to be executed on a connected client.

It is reported that a remote FTP server can send specially crafted ASCII mode directory data to a connected client to trigger the overflow. If the returned data has more than 260 bytes without a terminating CR/LF (such as a long directory or file name), memory will be overwritten with user-supplied data, the report said. It may be possible to execute arbitrary code, but the report did not confirm that.

Impact:   A remote server may be able to execute arbitrary code on a connected client.
Solution:   The vendor issued a new version (8.03) to fix the flaw, but nesumin reported that 8.03 is still vulnerable [see the Message History].
Vendor URL:  www.ipswitch.com/products/WS_FTP/index.html (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 3 2004 (Version 8.03 is Vulnerable) WS_FTP Pro ASCII Mode Directory Listing Buffer Overflow May Let Remote Servers Execute Arbitrary Code
nesumin reported that the ostensibly fixed version (8.03) is still affected.



 Source Message Contents

Subject:  ws_ftp overflow




Product: WS_FTP Pro v8.02 and probably earlier versions.
Vendor:  Ipswitch

Vendor's Product Description:

WS_FTP Pro is the market leader in Windows-based FTP (file transfer protocol) client software. It enables users and organizations
 to move files between local and remote systems while enjoying the utmost in: 

Problem:

WS_FTP Pro suffers a buffer over-run when ASCII mode directory data is passed to the client from the server, and this data exceeds
 260 bytes without a terminating CR/LF.  The application crashes with an error stating "instruction at 0xNNNNNNNN has addressed memory
 at ..." where 0xNNNNNNNN is a value in the overflowed buffer; suggesting that it is possible to cause WS_FTP Pro to continue execution
 at another location in memory - arbitrary code execution (?)

This problem can be demonstrated by creation of a long filename or directory name (250 bytes or more) in the ftp directory on the
 server, connecting to it and viewing the directory listing.  

Fix:  

Ipswitch was contacted about this problem, and version 8.03 appears to have solved it.  Update!

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC