WS_FTP 2007 Professional SCP handling format string vulnerability

From: "Michal Bucko" <michal.bucko@xxxxxxx>
Date: Fri, 26 Jan 2007 23:55:08 +0100

Synopsis: WS_FTP 2007 Professional SCP handling format string vulnerability
Product: WS_FTP 2007 Professional
Vendor: Ipswitch

I. Background

"[..]Transfer files anywhere, anytime, with complete security.

* Lightning fast transfer speeds
* Industry leading security
* Time saving features include schedule, backup, and email
notifications[..]"

II. Problem Description
Remote code execution is possible.

III. Details
SCP handling module is vulnerable to format string vulnerability.
Opening a specially crafted SCP file with WS_FTP 2007 script handler
might lead to arbitrary code execution. The specially crafted file
uses the WS_FTP script command "SHELL" and executes the file with
the specially crafted name. The file is access using "file://".

Kind regards,

Michal Bucko (sapheal)

Prev by Date: Dexia website security alert
Next by Date: Re: [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed
Previous by thread: Dexia website security alert
Next by thread: [ MDKSA-2007:029 ] - Updated libsoup packages fix DoS vulnerability
Index(es):
- Date
- Thread

Relevant Pages

[NEWS] Mac OS X pppd Format String Vulnerability
... Get your security news from a reliable source. ... This is fixed in Security Update 2004-02-23 for Mac OS X 10.3.2 and Mac OS ... Common Vulnerabilities and Exposures (CVE) Information: ... CAN-2004-0165 Mac OS X pppd format string vulnerability. ...
(Securiteam)
[NT] Format String and Buffer Overflow in the IRC Client of Trillian
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... INVITE Format String Vulnerability: ... user and store the shellcode there. ... DCC Chat Buffer Overflow: ...
(Securiteam)
[Full-Disclosure] [ GLSA 200503-06 ] BidWatcher: Format string vulnerability
... BidWatcher is vulnerable to a format string vulnerability, ... BidWatcher is a free auction tool for eBay users to keep track of their ... Security is a primary focus of Gentoo Linux and ensuring the ...
(Full-Disclosure)
[Full-Disclosure] [gentoo-announce] [ GLSA 200503-06 ] BidWatcher: Format string vulnerability
... BidWatcher is vulnerable to a format string vulnerability, ... BidWatcher is a free auction tool for eBay users to keep track of their ... Security is a primary focus of Gentoo Linux and ensuring the ...
(Full-Disclosure)
[Full-disclosure] [ GLSA 200508-03 ] nbSMTP: Format string vulnerability
... nbSMTP is vulnerable to a format string vulnerability which may result ... Niels Heinen discovered a format string vulnerability. ... vulnerability to execute arbitrary code with the permissions of the ... Security is a primary focus of Gentoo Linux and ensuring the ...
(Full-Disclosure)