ArGoSoft FTP Server 1.4.2.8 Buffer Overflow
-=[--------------------ADVISORY-------------------]=-
-=[
]=-
-=[ ArGoSoft FTP 1.4.2.8 ]=-
-=[
]=-
-=[ Author: CorryL [corryl80@xxxxxxxxx] ]=-
-=[
]=-
-=[-------------------------------------------------------]=-
-=[+] Application: ArGoSoft FTP Server
-=[+] Version: 1.4.2.8
-=[+] Vendor's URL: www.argosoft.com
-=[+] Platform: Windows
-=[+] Bug type: Buffer overflow
-=[+] Exploitation: Remote/Local
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: www.x0n3-h4ck.org
..::[ Descriprion ]::..
ArGoSoft FTP Server and' a demon user-friendly FTP and installation.
..::[ Bug ]::..
This software and' affection from a buffer overflow,
naturally to be able to exploit this bug needs to log in the ftp,
the problem it is on the command DELE, I have made a will this bug on
windows 2003
..::[ Proof Of Concept ]::..
DELE \x41 x 2000
..::[ Workaround ]::..
To disable the command DELE from the consule of USERS administration
..::[ Disclousure Timeline ]::..
[26/02/2005] - Vendor notification
[27/02/2005] - Vendor Response
[08/03/2005] - No patch relase from vendor
[08/03/2005] - Public disclousure
CorryL
corryl80@xxxxxxxxx
www.x0n3-h4ck.org
Italian Security Team
_________________________________
www.seekstat.it is your web stat