Reported
March 16, 2004 by John Layman.
VERSIONS
AFFECTED
WS_FTP Pro 8.02 and earlier
DESCRIPTION
A buffer-overrun vulnerability
in WS_FTP Pro 8.02 and earlier can cause arbitrary code execution on the
vulnerable system. If an attacker sends an ASCII mode directory data file that
exceeds 260 bytes, and the file isn't terminated by a carriage return/line feed
(CRLF), a buffer overrun results.
WS_FTP Pro 8.03 isn't vulnerable to this condition.
CREDIT
Discovered by
John Layman.
VENDOR RESPONSE
Buffer-overrun Vulnerability in WS_FTP Pro
3 comments
Hide comments