Bugtraq mailing list archives
WS_FTP 2007 Professional SCP handling format string vulnerability
From: "Michal Bucko" <michal.bucko () hack pl>
Date: Fri, 26 Jan 2007 23:55:08 +0100
Synopsis: WS_FTP 2007 Professional SCP handling format string vulnerability Product: WS_FTP 2007 Professional Vendor: Ipswitch I. Background "[..]Transfer files anywhere, anytime, with complete security. * Lightning fast transfer speeds * Industry leading security * Time saving features include schedule, backup, and email notifications[..]" II. Problem Description Remote code execution is possible. III. Details SCP handling module is vulnerable to format string vulnerability. Opening a specially crafted SCP file with WS_FTP 2007 script handler might lead to arbitrary code execution. The specially crafted file uses the WS_FTP script command "SHELL" and executes the file with the specially crafted name. The file is access using "file://". Kind regards, Michal Bucko (sapheal)
Current thread:
- WS_FTP 2007 Professional SCP handling format string vulnerability Michal Bucko (Jan 27)