[34128] in bugtraq
ws_ftp overflow
daemon@ATHENA.MIT.EDU (john layman)
Mon Mar 15 13:18:07 2004
Date: 14 Mar 2004 21:41:30 -0000
Message-ID: <20040314214130.8979.qmail@www.securityfocus.com>
From: john layman <john@interteq.net>
To: bugtraq@securityfocus.com
Product: WS_FTP Pro v8.02 and probably earlier versions.
Vendor: Ipswitch
Vendor's Product Description:
WS_FTP Pro is the market leader in Windows-based FTP (file transfer protocol) client software. It enables users and organizations to move files between local and remote systems while enjoying the utmost in:
Problem:
WS_FTP Pro suffers a buffer overrun when ASCII-mode directory data passed from the server to the client exceeds 260 bytes without a terminating CR/LF. The application crashes with an error stating "instruction at 0xNNNNNNNN has addressed memory at ...", where 0xNNNNNNNN is a value in the overflowed buffer, suggesting that it is possible to cause WS_FTP Pro to continue execution at another location in memory - arbitrary code execution (?)
This problem can be demonstrated by creating a long filename or directory name (250 bytes or more) in the FTP directory on the server, connecting to it and viewing the directory listing.
Fix:
Ipswitch was contacted about this problem, and version 8.03 appears to have solved it. Update!
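
Added example (not part of the original advisory, and not Ipswitch's code): a C routine that splits ASCII-mode directory data into lines and checks each line's length before copying, so a run of 260 bytes or more without CR/LF is rejected instead of being written past a fixed buffer. ENTRY_MAX, parse_listing and struct listing_stats are hypothetical names; the 260-byte per-line buffer is an assumption taken from the figure in the advisory, and the sample input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ENTRY_MAX 260  /* assumed per-line buffer size (260-byte figure from the advisory) */

struct listing_stats {
    size_t accepted;   /* lines copied into the caller's buffers */
    size_t rejected;   /* lines too long for ENTRY_MAX, or dropped for lack of slots */
};

/*
 * Split data (len bytes, not NUL-terminated) into lines ended by CR/LF or bare LF.
 * A line is copied into out[i] only if it fits together with its NUL terminator;
 * an over-long or unterminated run is counted and skipped, never copied.
 */
struct listing_stats parse_listing(const char *data, size_t len,
                                   char out[][ENTRY_MAX], size_t max_lines)
{
    struct listing_stats st = {0, 0};
    size_t start = 0;

    while (start < len) {
        const char *nl = memchr(data + start, '\n', len - start);
        size_t end = nl ? (size_t)(nl - data) : len;  /* no LF: rest is one run */
        size_t n = end - start;

        if (n > 0 && data[end - 1] == '\r')           /* strip the CR of CR/LF */
            n--;
        if (n >= ENTRY_MAX || (n > 0 && st.accepted >= max_lines)) {
            st.rejected++;                            /* length checked BEFORE any copy */
        } else if (n > 0) {
            memcpy(out[st.accepted], data + start, n);
            out[st.accepted][n] = '\0';
            st.accepted++;
        }
        start = nl ? end + 1 : len;
    }
    return st;
}

int main(void)
{
    char data[400], out[4][ENTRY_MAX];   /* constructed sample input */
    memcpy(data, "pub\r\n", 5);
    memset(data + 5, 'A', 300);          /* 300 bytes with no CR/LF */
    struct listing_stats st = parse_listing(data, 305, out, 4);
    printf("accepted=%zu rejected=%zu\n", st.accepted, st.rejected);
    return 0;
}
```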