-=[--------------------ADVISORY-------------------]=-
-=[
]=-
-=[ ArGoSoft FTP 1.4.2.8 ]=-
-=[
]=-
-=[ Author: CorryL [[email protected]] ]=-
-=[
]=-
-=[-------------------------------------------------------]=-
-=[+] Application: ArGoSoft FTP Server
-=[+] Version: 1.4.2.8
-=[+] Vendor's URL: www.argosoft.com
-=[+] Platform: Windows
-=[+] Bug type: Buffer overflow
-=[+] Exploitation: Remote/Local
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: www.x0n3-h4ck.org
…::[ Descriprion ]::…
ArGoSoft FTP Server and' a demon user-friendly FTP and installation.
…::[ Bug ]::…
This software and' affection from a buffer overflow,
naturally to be able to exploit this bug needs to log in the ftp,
the problem it is on the command DELE, I have made a will this bug on
windows 2003
…::[ Proof Of Concept ]::…
DELE \x41 x 2000
…::[ Workaround ]::…
To disable the command DELE from the consule of USERS administration
…::[ Disclousure Timeline ]::…
[26/02/2005] - Vendor notification
[27/02/2005] - Vendor Response
[08/03/2005] - No patch relase from vendor
[08/03/2005] - Public disclousure
CorryL
[email protected]
www.x0n3-h4ck.org
Italian Security Team
www.seekstat.it is your web stat