AOH :: HP Unsorted W :: C07-2148.HTM

WS_FTP 2007 Professional SCP handling format string vulnerability



WS_FTP 2007 Professional SCP handling format string vulnerability
WS_FTP 2007 Professional SCP handling format string vulnerability



Synopsis: WS_FTP 2007 Professional SCP handling format string vulnerability
Product: WS_FTP 2007 Professional
Vendor: Ipswitch
 
 
 
I. Background
 
 
 
"[..]Transfer files anywhere, anytime, with complete security.
 
    * Lightning fast transfer speeds
    * Industry leading security
    * Time saving features include schedule, backup, and email 
notifications[..]"
 
 
 
II. Problem Description
Remote code execution is possible.
 
III. Details
SCP handling module is vulnerable to format string vulnerability.
Opening a specially crafted SCP file with WS_FTP 2007 script handler
might lead to arbitrary code execution. The specially crafted file 
uses the WS_FTP script command "SHELL" and executes the file with
the specially crafted name. The file is access using "file://".
 
 
 

Kind regards,
 
Michal Bucko (sapheal)


The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.