OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
WS_FTP Home 2007 NetscapeFTPHandler denial of service

From: Michal Bucko (michal.buckohack.pl)
Date: Sat Apr 21 2007 - 15:42:26 CDT


Synopsis: WS_FTP Home 2007 NetscapeFTPHandler denial of service
Product: WS_FTP Home 2007

Author: Michal Bucko (sapheal)

Issue:
======

WS_FTP Home 2007 NetscapeFTPHandler is prone to a denial of service
vulnerability. The vulnerability stems from null pointer dereference.

ESI 00000000

75DC3E09 MOVZX EAX,WORD PTR [ESI]

The vulnerability can be triggered by the execution of a function
with improper arguments:

int Initialize ( char *str1, char *str2)

By the way, WS_FTP server cannot deal with WS_FTP's secure loader - I found
a few other probable problems regarding WS_FTP but, still, couldn't verify
those. Exception occurs and information appears on the screen. The problem
lies, for the second time, in null pointer dereference. I am probalby going
to give more information at hack.pl as soon I fully understand the issue
with
WS_FTP.

rgds,

michal