AOH :: HP Unsorted W :: TB10553.HTM

WS_FTP Home 2007 NetscapeFTPHandler denial of service



WS_FTP Home 2007 NetscapeFTPHandler denial of service
WS_FTP Home 2007 NetscapeFTPHandler denial of service



Synopsis:  WS_FTP Home 2007 NetscapeFTPHandler denial of service 
Product:   WS_FTP Home 2007


Author:    Michal Bucko (sapheal)

Issue:
=====
WS_FTP Home 2007 NetscapeFTPHandler is prone to a denial of service
vulnerability. The vulnerability stems from null pointer dereference.


ESI 00000000

75DC3E09	MOVZX EAX,WORD PTR [ESI]=09



The vulnerability can be triggered by the execution of a function
with improper arguments:

int Initialize ( char *str1, char *str2)  


By the way, WS_FTP server cannot deal with WS_FTP's secure loader - I found
a few other probable problems regarding WS_FTP but, still, couldn't verify 
those. Exception occurs and information appears on the screen. The problem
lies, for the second time, in null pointer dereference. I am probalby going 
to give more information at hack.pl as soon I fully understand the issue 
with 
WS_FTP.

rgds,

michal



The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.