Intrusion Prevention

FTP.Client.Format.String

Description

This indicates an attack attempt against a format string vulnerability in the Ipswitch WS_FTP FTP client. The vulnerability is caused by an input validation error when the vulnerable software processes a message from a remote FTP server. It allows a remote attacker to execute arbitrary code.
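
The class of bug described above, as an added C example (not Ipswitch's code and not this signature's logic): the server reply is passed as data under a fixed "%s" format, and a heuristic check flags reply lines that carry printf-style conversions. All function names are hypothetical and the sample replies are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hardened logging: the server reply is always an argument, never the
 * format. The unsafe pattern it replaces is snprintf(out, outsz, reply). */
int format_reply_for_log(char *out, size_t outsz, const char *reply)
{
    return snprintf(out, outsz, "%s", reply);
}

/* Returns 1 when the reply passes through the hardened path unchanged. */
int reply_survives_logging(const char *reply)
{
    char out[256];
    int n = format_reply_for_log(out, sizeof out, reply);
    return n >= 0 && (size_t)n < sizeof out && strcmp(out, reply) == 0;
}

/* Heuristic: does a reply line carry a printf-style conversion?
 * "%%" is a literal percent sign and is skipped. Returns 1 or 0. */
int reply_has_format_directive(const char *reply)
{
    for (const char *p = reply; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }
        const char *q = p + 1;
        q += strspn(q, "-+ #0123456789.*$hlLjzt"); /* flags, width, length */
        if (*q && strchr("diouxXeEfgGaAcspn", *q))
            return 1;
    }
    return 0;
}

/* Constructed sample replies, not captured traffic. */
static const char *SAMPLE_REPLIES[] = {
    "220 ftp.example.test ready",
    "226 Transfer complete, 100%% done",
    "550 %s: no such file",
};

int count_suspicious_samples(void)
{
    int n = 0;
    for (size_t i = 0; i < sizeof SAMPLE_REPLIES / sizeof *SAMPLE_REPLIES; i++)
        n += reply_has_format_directive(SAMPLE_REPLIES[i]);
    return n;
}

int main(void) { printf("suspicious replies: %d\n", count_suspicious_samples()); return 0; }
```

The check is a triage aid for logs or captures; the fix for the bug class is the fixed format string, not filtering of replies.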

Affected Products

Ipswitch WS_FTP Pro 8.0 3
Ipswitch WS_FTP Pro 8.0 2
Ipswitch WS_FTP Pro 7.5
Ipswitch WS_FTP Pro 6.0
Ipswitch WS_FTP Pro 5
Ipswitch WS_FTP Pro 0
Ipswitch WS_FTP Home 0

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the patch, available from the vendor's web site:
WS_FTP Professional 2007.1 Hotfix 1 (full English version only):
http://www.ipswitch.com/support/ws_ftp/releases/wsp20071hf1.asp
WS_FTP Home 2007 Hotfix 1 for version 2007.0.0.2 (full English version only):
http://www.ipswitch.com/support/ws_ftp/home/releases/wsh2007hf1.asp

CVE References

CVE-2008-3734