| VID |
16091 |
| Severity |
40 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The ArGoSoft FTP Server, according to its banner, has a buffer overflow vulnerability in the XCWD command. ArGoSoft FTP Server is a freely available FTP server for Microsoft Windows platforms. ArGoSoft FTP Server versions 1.4.1.1 and earlier contain a buffer overflow vulnerability caused by insufficient bounds checking on data passed to the XCWD command. By sending a specially crafted request containing 4,096 characters or more to the XCWD command, a remote attacker can overflow a buffer and execute arbitrary code on the affected server with the privileges of the FTP server, possibly SYSTEM.
* Note: This check relies solely on the banner of the remote FTP server to assess this vulnerability, so the result might be a false positive.
* References:
  * http://www.osvdb.org/displayvuln.php?osvdb_id=2618
  * http://www.securiteam.com/windowsntfocus/5HP0K2KB6M.html
  * http://archives.neohapsis.com/archives/vuln-dev/2003-q3/0169.html
* Platforms Affected:
  * ArGoSoft FTP Server 1.4.1.1 and earlier
  * Microsoft Windows, any version |
| Recommendation |
Upgrade to the latest version of ArGoSoft FTP Server (1.4.1.2 or later), available from the ArGoSoft FTP Server Web page at http://www.argosoft.com/applications/ftpserver/download.asp |
| Related URL |
(CVE) |
| Related URL |
8704 (SecurityFocus) |
| Related URL |
13311 (ISS) |
|