ArGoSoft FTP Server 1.4.2.8 Buffer Overflow

To: "bugtraq" <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: ArGoSoft FTP Server 1.4.2.8 Buffer Overflow
From: "CorryL" <corryl@xxxxxxxxxxxxx>
Date: Tue, 8 Mar 2005 17:41:20 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

-=[--------------------ADVISORY-------------------]=-

-=[                                                                         
]=-

-=[ ArGoSoft FTP 1.4.2.8                                   ]=-

-=[                                                                         
]=-

-=[ Author: CorryL [corryl80@xxxxxxxxx]     ]=-

-=[                                                                         
]=-

-=[-------------------------------------------------------]=-

-=[+] Application: ArGoSoft FTP Server

-=[+] Version: 1.4.2.8

-=[+] Vendor's URL: www.argosoft.com

-=[+] Platform: Windows

-=[+] Bug type: Buffer overflow

-=[+] Exploitation: Remote/Local

-=[-]

-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~

-=[+] Reference: www.x0n3-h4ck.org



..::[ Descriprion ]::..

ArGoSoft FTP Server and' a demon user-friendly FTP and installation.

..::[ Bug ]::..

This software and' affection from a buffer overflow,

naturally to be able to exploit this bug needs to log in the ftp,

the problem it is on the command DELE, I have made a will this bug on
windows 2003

..::[ Proof Of Concept ]::..

DELE \x41 x 2000

..::[ Workaround ]::..

To disable the command DELE from the consule of USERS administration

..::[ Disclousure Timeline ]::..

[26/02/2005] - Vendor notification

[27/02/2005] - Vendor Response

[08/03/2005] - No patch relase from vendor

[08/03/2005] - Public disclousure

CorryL
corryl80@xxxxxxxxx
www.x0n3-h4ck.org
Italian Security Team

_________________________________
www.seekstat.it is your web stat

Prev by Date: Multiple vulnerabilities in paFileDB
Next by Date: failles dans ProjectBB v0.4.5.1
Previous by thread: Multiple vulnerabilities in paFileDB
Next by thread: failles dans ProjectBB v0.4.5.1
Index(es):
- Date
- Thread