ArGoSoft FTP server remote heap overflow

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: ArGoSoft FTP server remote heap overflow
From: Jerome Athias <jerome.athias@xxxxxxx>
Date: Sat, 25 Feb 2006 18:25:43 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Thunderbird 1.5 (Windows/20051201)

-- Title:
ArGoSoft FTP server remote heap overflow

-- Affected Products:
ArGoSoft FTP server 1.4.3.5 (current) and prior

-- Affected Vendor:
ArGoSoft - http://www.argosoft.com

-- Impact:
DoS, Arbitrary Code Execution

-- Where:
>From remote

-- Type:
Heap Overflow

-- Vulnerability Details:
A remote attacker with valid credentials is able to trigger a heap
overwrite in ArgoSoft FTP server.
The bug occurs by providing a long argument to the DELE command. This
vulnerability can allow remote attackers to execute arbitrary code or
launch a denial of service attack.

-- Credit:
SecurInfos
https://www.securinfos.info/english/

Prev by Date: [FLSA-2006:176731] Updated perl packages fix security issue
Next by Date: [waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8
Previous by thread: [FLSA-2006:176731] Updated perl packages fix security issue
Next by thread: Re: ArGoSoft FTP server remote heap overflow
Index(es):
- Date
- Thread