[NEWS] WS_FTP Pro ASCII Directory Transfer Buffer Overflow
From: SecuriTeam (support_at_securiteam.com)
To: firstname.lastname@example.org Date: 16 Mar 2004 12:57:14 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
- - - - - - - - -
WS_FTP Pro ASCII Directory Transfer Buffer Overflow
<http://www.ipswitch.com/products/WS_FTP/index.html> WS_FTP Pro is "the
market leader in Windows-based FTP (file transfer protocol) client
software". WS_FTP Pro suffers a buffer over-run when ASCII mode directory
data is passed to the client from the server, and this data exceeds 260
bytes without a terminating CR/LF.
* WS_FTP Pro version 8.02 and prior
* WS_FTP Pro version 8.03 or newer
The WS_FTP Pro can be caused to crash by a malicious server, if that
server sends an ASCII mode directory data which exceeds 260 bytes without
being terminated by a CR/LF. The application will crash with an error
stating "instruction at 0xNNNNNNNN has addressed memory at ..." where
0xNNNNNNNN is a value in the overflowed buffer; suggesting that it is
possible to cause WS_FTP Pro to continue execution at another location in
memory - arbitrary code execution.
This problem can be demonstrated by creation of a long filename or
directory name (250 bytes or more) in the ftp directory on the server,
connecting to it and viewing the directory listing.
The information has been provided by <mailto:email@example.com> John
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: firstname.lastname@example.org
In order to subscribe to the mailing list, simply forward this email to: email@example.com
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.