WS_FTP Pro Client Remote Buffer Overflow Vulnerability
BID:9872
Info
WS_FTP Pro Client Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 9872 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 15 2004 12:00AM |
| Updated: | Mar 15 2004 12:00AM |
| Credit: | Discovery is credited to John Layman <[email protected]>. |
| Vulnerable: |
Ipswitch WS_FTP Pro 8.0 3 Ipswitch WS_FTP Pro 8.0 2 |
| Not Vulnerable: | |
Discussion
WS_FTP Pro Client Remote Buffer Overflow Vulnerability
It has been reported that WS_FTP Pro client may be prone to a remote buffer overflow vulnerability that may allow an attacker to execute arbitrary code on a vulnerable system. An attacker may be able to cause a buffer overflow condition in the client by supplying a file or a directory with a large name exceeding 260 bytes without a terminating CR/LF character to the server. The buffer overflow condition would occur when the client attempts to browse through the attacker-supplied directory.
This issue is reported to affect WS_FTP Pro 8.02 and 8.03, however, other versions may be affected as well.
It has been reported that WS_FTP Pro client may be prone to a remote buffer overflow vulnerability that may allow an attacker to execute arbitrary code on a vulnerable system. An attacker may be able to cause a buffer overflow condition in the client by supplying a file or a directory with a large name exceeding 260 bytes without a terminating CR/LF character to the server. The buffer overflow condition would occur when the client attempts to browse through the attacker-supplied directory.
This issue is reported to affect WS_FTP Pro 8.02 and 8.03, however, other versions may be affected as well.
Exploit / POC
WS_FTP Pro Client Remote Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
WS_FTP Pro Client Remote Buffer Overflow Vulnerability
Solution:
Although it was reported that the vendor had released WS_FTP Pro 8.03 to address this issue, it has been found that version 8.03 continues to be vulnerable.
Solution:
Although it was reported that the vendor had released WS_FTP Pro 8.03 to address this issue, it has been found that version 8.03 continues to be vulnerable.
References
WS_FTP Pro Client Remote Buffer Overflow Vulnerability
References:
References:
- Ipswitch Homepage (Ipswitch)
- ws_ftp overflow (john layman