ArGoSoft FTP Server DELE Command Remote Buffer Overrun

medium Nessus Plugin ID 17303

Synopsis

The remote FTP server is affected by a buffer overflow flaw.

Description

According to its banner, the version of ArGoSoft FTP Server installed on the remote host is affected by a heap-based buffer overflow that can be triggered by a malicious user with delete rights who issues a DELE command with an argument exceeding 2000 characters.

Solution

Unknown at this time.

See Also

https://www.securityfocus.com/archive/1/archive/1/426081/100/0/threaded

Plugin Details

Severity: Medium

ID: 17303

File Name: argosoft_ftp_dele_overflow.nasl

Version: 1.18

Type: remote

Family: FTP

Published: 3/9/2005

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 3/8/2005

Reference Information

CVE: CVE-2005-0696

BID: 12755