VID 16095
Severity 40
Port 21
Protocol TCP
Class FTP
Detailed Description The ArGoSoft FTP Server, according to its banner, has a security bypass vulnerability involving shortcut files. ArGoSoft FTP Server is an FTP server for Microsoft Windows platforms. ArGoSoft FTP Server versions prior to 1.4.2.7 could allow a remote attacker to bypass certain security restrictions by uploading compressed shortcut files. The application fails to verify the contents of ZIP files when executing the 'SITE UNZIP' command. As a result, a remote attacker with write permission on any directory could extract a shortcut (.lnk) file that points to a directory of their choice.
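The missing verification described above can be illustrated with a pre-extraction check that refuses any archive containing a Windows shortcut. This is an added example, not code from the advisory or from ArGoSoft; the function names are hypothetical, and rejecting the whole archive is an assumed policy, not the vendor's fix.

```python
import io
import zipfile

# Shell Link (.lnk) header: HeaderSize 0x4C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 as it is laid out on disk.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")


def find_shortcuts(zip_bytes):
    """Return names of archive members that are Windows shortcuts.

    A member is flagged if its name ends in .lnk (Windows ignores case and
    trailing dots/spaces) or if its content starts with the Shell Link
    header, which catches shortcuts stored under another extension.
    """
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.rstrip(". ").lower()
            with zf.open(info) as member:
                head = member.read(len(LNK_MAGIC))
            if name.endswith(".lnk") or head == LNK_MAGIC:
                flagged.append(info.filename)
    return flagged


def safe_to_unzip(zip_bytes):
    """Policy gate (assumed): refuse the archive if any member is a shortcut."""
    try:
        return not find_shortcuts(zip_bytes)
    except zipfile.BadZipFile:
        return False  # unparseable uploads are refused as well


def _build_zip(members):
    """Build an in-memory ZIP from {name: bytes}; constructed sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    sample = _build_zip({"readme.txt": b"hello", "docs/Link.LNK": b"x"})
    print(find_shortcuts(sample), safe_to_unzip(sample))
```

The check runs on the uploaded bytes before anything is written to disk, so a flagged archive is never extracted.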

* Note: This check relies solely on the banner of the remote FTP server to assess this vulnerability, so the result may be a false positive.

* References:
http://secunia.com/advisories/14172

* Platforms Affected:
ArGoSoft FTP Server versions prior to 1.4.2.7
Microsoft Windows Any version
Recommendation Upgrade to the latest version of the ArGoSoft FTP Server (1.4.2.7 or later), available from the ArGoSoft FTP site at http://www.argosoft.com/ftpserver/download.aspx
Related URL CVE-2005-0519 (CVE)
Related URL 12487 (SecurityFocus)
Related URL 19247 (ISS)