ArGoSoft FTP Server DELE Buffer Overflow

High Nessus Network Monitor Plugin ID 2684

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running the ArGoSoft FTP Server. This version of ArGoSoft FTP Server is vulnerable to a flaw when parsing a malicious DELE command from an authenticated (or anonymous) user. An attacker exploiting this flaw would be able to execute arbitrary code on the remote FTP server.

Solution

Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: High

ID: 2684

File Name: 2684.prm

Family: FTP Servers

Published: 2005/03/08

Modified: 2016/01/21

Dependencies: 1803, 1804

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:U/RC:ND

CVSSv3

Base Score: 7.3

Temporal Score: 6.7

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:U/RC:X

Reference Information

CVE: CVE-2005-0696

BID: 12755

OSVDB: 14611