<<< Date Index >>>     <<< Thread Index >>>

ArGoSoft FTP Server 1.4.2.8 Buffer Overflow



-=[--------------------ADVISORY-------------------]=-

-=[                                                                         
]=-

-=[ ArGoSoft FTP 1.4.2.8                                   ]=-

-=[                                                                         
]=-

-=[ Author: CorryL [corryl80@xxxxxxxxx]     ]=-

-=[                                                                         
]=-

-=[-------------------------------------------------------]=-

-=[+] Application: ArGoSoft FTP Server

-=[+] Version: 1.4.2.8

-=[+] Vendor's URL: www.argosoft.com

-=[+] Platform: Windows

-=[+] Bug type: Buffer overflow

-=[+] Exploitation: Remote/Local

-=[-]

-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~

-=[+] Reference: www.x0n3-h4ck.org



..::[ Descriprion ]::..

ArGoSoft FTP Server and' a demon user-friendly FTP and installation.

..::[ Bug ]::..

This software and' affection from a buffer overflow,

naturally to be able to exploit this bug needs to log in the ftp,

the problem it is on the command DELE, I have made a will this bug on
windows 2003

..::[ Proof Of Concept ]::..

DELE \x41 x 2000

..::[ Workaround ]::..

To disable the command DELE from the consule of USERS administration

..::[ Disclousure Timeline ]::..

[26/02/2005] - Vendor notification

[27/02/2005] - Vendor Response

[08/03/2005] - No patch relase from vendor

[08/03/2005] - Public disclousure

CorryL
corryl80@xxxxxxxxx
www.x0n3-h4ck.org
Italian Security Team

_________________________________
www.seekstat.it is your web stat