| VID |
16099 |
| Severity |
40 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The ArGoSoft FTP Server, according to its banner, has a buffer overflow vulnerability in the DELE command. ArGoSoft FTP Server is an FTP server for Microsoft Windows platforms. Versions 1.4.2.8 and earlier are vulnerable to a buffer overflow caused by improper bounds checking when handling data passed through the DELE command. An attacker with delete rights can crash the affected service and potentially execute arbitrary code by issuing a specially crafted DELE command with an argument exceeding 2000 characters.
* Note: This check relies solely on the banner of the remote FTP server to assess this vulnerability, so the finding might be a false positive.
* References:
  * http://archives.neohapsis.com/archives/bugtraq/2005-03/0166.html
  * http://secunia.com/advisories/14526/
  * http://www.osvdb.org/displayvuln.php?osvdb_id=14611
* Platforms Affected: ArGoSoft FTP Server versions 1.4.2.8 and earlier; Microsoft Windows, any version |
| Recommendation |
No upgrade or patch was available as of March 2005.
Upgrade to a new version of ArGoSoft FTP Server when a version that fixes this problem becomes available from the ArGoSoft Web site at http://www.argosoft.com/ftpserver/download.aspx |
| Related URL |
CVE-2005-0696 (CVE) |
| Related URL |
12755 (SecurityFocus) |
| Related URL |
19631 (ISS) |
|