ArGoSoft FTP Server XCWD Remote Overflow

medium Nessus Plugin ID 15439

Synopsis

The remote host is running an FTP server that is affected by a remote buffer overrun vulnerability.

Description

The remote host is running the ArGoSoft FTP server.

It was possible to shut down the remote FTP server by issuing an XCWD command followed by an overly long argument.

This problem allows an attacker to prevent the remote site from sharing some resources with the rest of the world.

Solution

Upgrade to 1.4.1.2 or newer.

See Also

https://seclists.org/vuln-dev/2003/Sep/59

Plugin Details

Severity: Medium

ID: 15439

File Name: argosoft_server_xcmd.nasl

Version: 1.20

Type: remote

Family: FTP

Published: 10/8/2004

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score from a more in-depth analysis done by Tenable

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: ftp/login

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 9/23/2003

Reference Information

BID: 8704