ArGoSoft FTP Server .lnk Shortcut Upload Arbitrary File Manipulation

This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.


Synopsis :

The remote FTP server is affected by an unauthorized access issue.

Description :

The remote host is running ArGoSoft FTP Server.

It is reported that ArGoSoft FTP Server is prone to an attack that
allows link upload. An attacker, exploiting this flaw, may be able to
have read and write access to any files and directories on the FTP
server.

Solution :

Upgrade to ArGoSoft FTP 1.4.2.2 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 15623 (argosoft_ftp_shortcut.nasl)

Bugtraq ID: 11589

CVE ID: CVE-2004-2672