Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
FTP:EXPLOIT:WSFTP-FMT-STR |
|---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
FTP |
Keywords |
Ipswitch WS_FTP Client Format String Vulnerability |
Release Date |
2011/07/26 |
Update Number |
1961 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
FTP: Ipswitch WS_FTP Client Format String Vulnerability
This signature detects attempts to exploit a known vulnerability against Ipswitch WS_FTP client FTP product. A successful attack can allow remote code execution.
Extended Description
Ipswitch WS_FTP client is prone to a format-string vulnerability it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition. This issue affects the WS_FTP Home and WS_FTP Professional clients.
Affected Products
- Ipswitch ws_ftp_home
- Ipswitch ws_ftp_pro 5
- Ipswitch ws_ftp_pro 6.0.0
- Ipswitch ws_ftp_pro 7.5.0
- Ipswitch ws_ftp_pro 8.0.0 2
- Ipswitch ws_ftp_pro 8.0.0 3
- Ipswitch ws_ftp_pro
References
- BugTraq: 30720
- CVE: CVE-2008-3734