Signature Detail
Short Name |
FTP:EXPLOIT:WSFTP-FMT-STR |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
FTP |
Keywords |
Ipswitch WS_FTP Client Format String Vulnerability |
Release Date |
2011/07/26 |
Update Number |
1961 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
FTP: Ipswitch WS_FTP Client Format String Vulnerability
This signature detects attempts to exploit a known vulnerability against Ipswitch WS_FTP client FTP product. A successful attack can allow remote code execution.
Extended Description
Ipswitch WS_FTP client is prone to a format-string vulnerability it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition. This issue affects the WS_FTP Home and WS_FTP Professional clients.
Affected Products
- Ipswitch WS_FTP Home
- Ipswitch WS_FTP Pro 5
- Ipswitch WS_FTP Pro 6.0.0
- Ipswitch WS_FTP Pro 7.5.0
- Ipswitch WS_FTP Pro 8.0.0 2
- Ipswitch WS_FTP Pro 8.0.0 3
- Ipswitch WS_FTP Pro
References
- BugTraq: 30720
- CVE: CVE-2008-3734