Product: WS_FTP Pro v8.02 and probably earlier versions.
Vendor: Ipswitch
Vendor's Product Description:
WS_FTP Pro is the market leader in Windows-based FTP (file transfer protocol) client software. It enables users and organizations to move files between local and remote systems while enjoying the utmost in:
Problem:
WS_FTP Pro suffers a buffer over-run when ASCII mode directory data is passed to the client from the server, and this data exceeds 260 bytes without a terminating CR/LF. The application crashes with an error stating "instruction at 0xNNNNNNNN has addressed memory at ..." where 0xNNNNNNNN is a value in the overflowed buffer; suggesting that it is possible to cause WS_FTP Pro to continue execution at another location in memory - arbitrary code execution (?)
This problem can be demonstrated by creation of a long filename or directory name (250 bytes or more) in the ftp directory on the server, connecting to it and viewing the directory listing.
Fix:
Ipswitch was contacted about this problem, and version 8.03 appears to have solved it. Update!
Product: WS_FTP Pro v8.02 and probably earlier versions.
Vendor: Ipswitch
Vendor's Product Description:
WS_FTP Pro is the market leader in Windows-based FTP (file transfer protocol) client software. It enables users and organizations to move files between local and remote systems while enjoying the utmost in:
Problem:
WS_FTP Pro suffers a buffer over-run when ASCII mode directory data is passed to the client from the server, and this data exceeds 260 bytes without a terminating CR/LF. The application crashes with an error stating "instruction at 0xNNNNNNNN has addressed memory at ..." where 0xNNNNNNNN is a value in the overflowed buffer; suggesting that it is possible to cause WS_FTP Pro to continue execution at another location in memory - arbitrary code execution (?)
This problem can be demonstrated by creation of a long filename or directory name (250 bytes or more) in the ftp directory on the server, connecting to it and viewing the directory listing.
Fix:
Ipswitch was contacted about this problem, and version 8.03 appears to have solved it. Update!
[ reply ]