Skip navigation

Buffer-overrun Vulnerability in WS_FTP Pro

Reported March 16, 2004 by John Layman.

 

 

VERSIONS AFFECTED

 

  • WS_FTP Pro 8.02 and earlier

 

DESCRIPTION

 

A buffer-overrun vulnerability in WS_FTP Pro 8.02 and earlier can cause arbitrary code execution on the vulnerable system. If an attacker sends an ASCII mode directory data file that exceeds 260 bytes, and the file isn't terminated by a carriage return/line feed (CRLF), a buffer overrun results.

 
VENDOR RESPONSE

 

WS_FTP Pro 8.03 isn't vulnerable to this condition.

 

CREDIT

Discovered by John Layman.

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish