The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


WS_FTP Home 2007 NetscapeFTPHandler denial of service


<< Previous INDEX Search src / Print Next >>
Date: Sat, 21 Apr 2007 22:42:26 +0200
From: "Michal Bucko" <michal.bucko@hack.pl.>
To: [email protected]
Subject: WS_FTP Home 2007 NetscapeFTPHandler denial of service
Content-Type: text/plain;
        charset="iso-8859-2"
MIME-Version: 1.0
X-Mailer: home.pl my.webmail
X-Priority: 3
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: antivirus-gw at tyumen.ru

Synopsis:  WS_FTP Home 2007 NetscapeFTPHandler denial of service 
Product:   WS_FTP Home 2007


Author:    Michal Bucko (sapheal)

Issue:
======

WS_FTP Home 2007 NetscapeFTPHandler is prone to a denial of service
vulnerability. The vulnerability stems from null pointer dereference.


ESI 00000000

75DC3E09	MOVZX EAX,WORD PTR [ESI]	



The vulnerability can be triggered by the execution of a function
with improper arguments:

int Initialize ( char *str1, char *str2)  


By the way, WS_FTP server cannot deal with WS_FTP's secure loader - I found
a few other probable problems regarding WS_FTP but, still, couldn't verify 
those. Exception occurs and information appears on the screen. The problem
lies, for the second time, in null pointer dereference. I am probalby going 
to give more information at hack.pl as soon I fully understand the issue 
with 
WS_FTP.

rgds,

michal




<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2025 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру