Juniper Networks
Signature Detail

Short Name: FTP:EXPLOIT:WSFTP-FMT-STR
Severity: Medium
Recommended: Yes
Recommended Action: Drop
Category: FTP
Keywords: Ipswitch WS_FTP Client Format String Vulnerability
Release Date: 2011/07/26
Update Number: 1961
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+

FTP: Ipswitch WS_FTP Client Format String Vulnerability


This signature detects attempts to exploit a known format string vulnerability in the Ipswitch WS_FTP FTP client. The vulnerability is due to an input validation flaw when parsing a message received by the client from a remote FTP server. A remote attacker may entice the target user to connect to a malicious FTP server and exploit the vulnerability to inject and execute code in the security context of the currently logged-in user. In an attack where arbitrary code is injected and executed on the target machine, the behaviour of the target depends on the intention of the malicious code. If the attack code does not execute successfully, the vulnerable application may terminate as a result of memory corruption.

Extended Description

The Ipswitch WS_FTP client is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition. This issue affects the WS_FTP Home and WS_FTP Professional clients.
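
The bug class described above, as an added example (not Ipswitch code and not the logic of this Juniper signature): a client-side routine that treats a server reply strictly as data, plus a check that flags replies carrying printf-style directives. The function names and the sample replies are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern, shown only as a comment (assumed shape of the flaw):
 *     snprintf(out, n, reply);    // server-controlled text used as the format
 * Any conversion directive in the reply is then interpreted by the formatter. */

/* Hardened form: the format string is a constant; the reply is only data. */
int render_reply_safe(char *out, size_t n, const char *reply)
{
    return snprintf(out, n, "%s", reply);
}

/* Count printf-style directives in untrusted text so a client or proxy can
 * log or reject the reply. "%%" is a literal percent sign and is skipped. */
size_t count_directives(const char *s)
{
    size_t count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent: consume both characters */
            s++;
            continue;
        }
        count++;                /* unpaired '%' starts a directive */
    }
    return count;
}

int main(void)
{
    /* Constructed sample replies, not captured traffic. */
    const char *replies[] = {
        "220 Service ready",
        "226 100%% complete",
        "220 %x.%x.%s ready",
    };
    char line[128];

    for (size_t i = 0; i < sizeof replies / sizeof replies[0]; i++) {
        render_reply_safe(line, sizeof line, replies[i]);
        printf("%-22s directives=%zu\n", line, count_directives(replies[i]));
    }
    return 0;
}
```

Building client code with `-Wformat -Wformat-security` (GCC/Clang) reports the commented-out pattern at compile time when the format argument is not a string literal.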

Affected Products

  • Ipswitch WS_FTP Home
  • Ipswitch WS_FTP Pro 5
  • Ipswitch WS_FTP Pro 6.0.0
  • Ipswitch WS_FTP Pro 7.5.0
  • Ipswitch WS_FTP Pro 8.0.0 2
  • Ipswitch WS_FTP Pro 8.0.0 3
  • Ipswitch WS_FTP Pro

References

  • BugTraq: 30720
  • CVE: CVE-2008-3734
