ArGoSoft FTP Server DELE Buffer Overflow

high Nessus Network Monitor Plugin ID 2684

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running the ArGoSoft FTP Server. This version of ArGoSoft FTP Server is vulnerable to a flaw when parsing a malicious DELE command from an authenticated (or anonymous) user. An attacker exploiting this flaw would be able to execute arbitrary code on the remote FTP server.

Solution

Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: High

ID: 2684

Family: FTP Servers

Published: 3/8/2005

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:argosoft:ftp_server

Reference Information

CVE: CVE-2005-0696

BID: 12755