Ipswitch WS_FTP 2007 SCP Handling Format String Vulnerability
BID:22275
Info
Ipswitch WS_FTP 2007 SCP Handling Format String Vulnerability
| Bugtraq ID: | 22275 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-0665 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 27 2007 12:00AM |
| Updated: | May 12 2015 07:35PM |
| Credit: | Michal Bucko is credited with discovery of this vulnerability. |
| Vulnerable: |
Ipswitch WS FTP Server Professional 2007 |
| Not Vulnerable: | |
Discussion
Ipswitch WS_FTP 2007 SCP Handling Format String Vulnerability
WS_FTP is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
A successful attack may allow the attacker to crash the application or possibly to execute arbitrary code. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.
WS_FTP is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
A successful attack may allow the attacker to crash the application or possibly to execute arbitrary code. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.
Exploit / POC
Ipswitch WS_FTP 2007 SCP Handling Format String Vulnerability
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Ipswitch WS_FTP 2007 SCP Handling Format String Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Ipswitch WS_FTP 2007 SCP Handling Format String Vulnerability
References:
References:
- WS FTP Homepage (IpSwitch)
- WS_FTP 2007 Professional SCP handling format string vulnerability (Michal Bucko)