WS_FTP Home / Professional Format String Vulnerability

Posted on Tuesday, August 19, 2008 @ 16:00:03 CEST in Security
by Raven

SECUNIA ADVISORY ID: SA31504

VERIFY ADVISORY: http://secunia.com/advisories/31504/

CRITICAL: Moderately critical

IMPACT: System access

SOFTWARE:
Ipswitch WS_FTP Professional 2007 - http://secunia.com/product/13838/
Ipswitch WS_FTP Home 2007 - http://secunia.com/product/19609/

DESCRIPTION: securfrog has discovered a vulnerability in WS_FTP Home and Professional, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a format string error when processing responses of the FTP server. This can be exploited by e.g. tricking a user into connecting to a malicious FTP server. Successful exploitation may allow the execution of arbitrary code. The vulnerability is confirmed in WS_FTP Home version 2007.0.0.2 and WS_FTP Professional version 2007.1.0.0. Other versions may also be affected.

SOLUTION: Connect to trusted servers only.

PROVIDED AND/OR DISCOVERED BY: securfrog

ORIGINAL ADVISORY: http://milw0rm.com/exploits/6257
 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 372,917,679
  • Today: 65,018
Server InfoServer Info
  • Dec 09, 2018
  • 10:13 pm CET