From: "CorryL" <corryl@sitoverde.com.>
To: "bugtraq" <bugtraq@securityfocus.com.>
Subject: ArGoSoft FTP Server 1.4.2.8 Buffer Overflow
Date: Tue, 8 Mar 2005 17:41:20 +0100
-=[--------------------ADVISORY-------------------]=-
-=[                                               ]=-
-=[             ArGoSoft FTP 1.4.2.8              ]=-
-=[                                               ]=-
-=[       Author: CorryL [[email protected]]      ]=-
-=[                                               ]=-
-=[-----------------------------------------------]=-
-=[+] Application: ArGoSoft FTP Server
-=[+] Version: 1.4.2.8
-=[+] Vendor's URL: www.argosoft.com
-=[+] Platform: Windows
-=[+] Bug type: Buffer overflow
-=[+] Exploitation: Remote/Local
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: www.x0n3-h4ck.org
..::[ Description ]::..
ArGoSoft FTP Server is an FTP daemon with user-friendly operation and installation.
..::[ Bug ]::..
This software is affected by a buffer overflow.
To exploit this bug you must first log in to the FTP server;
the problem is in the DELE command. I have tested this bug on
Windows 2003.
..::[ Proof Of Concept ]::..
DELE \x41 x 2000
..::[ Workaround ]::..
Disable the DELE command from the USERS administration console.
..::[ Disclosure Timeline ]::..
[26/02/2005] - Vendor notification
[27/02/2005] - Vendor response
[08/03/2005] - No patch release from vendor
[08/03/2005] - Public disclosure
CorryL
[email protected]
www.x0n3-h4ck.org
Italian Security Team
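
Added example, not part of the original advisory: a defender-side check over captured FTP control-channel lines that flags any command whose argument exceeds a length ceiling. It covers the oversized DELE argument described above and generalizes it to every command. The 260-byte limit (Windows MAX_PATH), the function names and the sample lines are assumptions constructed for illustration.

```python
# Added example: flag FTP commands whose argument is implausibly long.
# Assumption: 260 bytes (Windows MAX_PATH) is a generous ceiling for any
# path argument on a Windows FTP server; tune it for your environment.
MAX_ARG_LEN = 260


def inspect_line(raw, limit=MAX_ARG_LEN):
    """Return a finding dict for one client-to-server line, or None."""
    line = raw.rstrip(b"\r\n")
    verb, _, arg = line.partition(b" ")
    if len(arg) <= limit:
        return None
    # Share of the argument taken by its most common byte: filler-style
    # input (one byte repeated) scores close to 1.0.
    top = max(arg.count(bytes([b])) for b in set(arg))
    return {
        "verb": verb.decode("ascii", "replace").upper(),
        "arg_len": len(arg),
        "repeat_ratio": round(top / len(arg), 2),
    }


def scan(lines, limit=MAX_ARG_LEN):
    """Return (line_number, finding) pairs for every oversized argument."""
    hits = []
    for number, raw in enumerate(lines, start=1):
        finding = inspect_line(raw, limit)
        if finding is not None:
            hits.append((number, finding))
    return hits


# Constructed sample session (not captured traffic).
SAMPLE = [
    b"USER alice\r\n",
    b"PASS example\r\n",
    b"DELE reports/2005/q1.txt\r\n",
    b"DELE " + b"\x41" * 2000 + b"\r\n",
    b"dele " + b"ab" * 150 + b"\r\n",
]

if __name__ == "__main__":
    for number, finding in scan(SAMPLE):
        print(number, finding)
```

The same check can sit in a filtering proxy in front of the server until a fixed version is available, dropping any line that produces a finding.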