WS_FTP 2007 Professional SCP handling format string vulnerability Jan 26 2007 10:55PM
Michal Bucko (michal bucko hack pl)
Synopsis: WS_FTP 2007 Professional SCP handling format string vulnerability
Product: WS_FTP 2007 Professional
Vendor: Ipswitch



I. Background



"[..]Transfer files anywhere, anytime, with complete security.

* Lightning fast transfer speeds
* Industry leading security
* Time saving features include schedule, backup, and email
notifications[..]"



II. Problem Description
Remote code execution is possible.

III. Details
SCP handling module is vulnerable to format string vulnerability.
Opening a specially crafted SCP file with WS_FTP 2007 script handler
might lead to arbitrary code execution. The specially crafted file
uses the WS_FTP script command "SHELL" and executes the file with
the specially crafted name. The file is access using "file://".

Kind regards,

Michal Bucko (sapheal)

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus