CVE-2005-0519

Description

ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arbitrary files by uploading a ZIP file containing a shortcut (.LNK) file, using SITE UNZIP to extract the .LNK file onto the server, then accessing the file, a different vulnerability than CVE-2005-0520.

Affected products

argosoft / ftp_server1.4.1.1 – 1.4.1.1
argosoft / ftp_server1.4.1.2 – 1.4.1.2
argosoft / ftp_server1.4.1.3 – 1.4.1.3
argosoft / ftp_server1.4.1.4 – 1.4.1.4
argosoft / ftp_server1.4.1.5 – 1.4.1.5
argosoft / ftp_server1.4.1.6 – 1.4.1.6
argosoft / ftp_server1.4.1.7 – 1.4.1.7
argosoft / ftp_server1.4.1.8 – 1.4.1.8
argosoft / ftp_server1.4.1.9 – 1.4.1.9
argosoft / ftp_server1.4.2 – 1.4.2
argosoft / ftp_server1.4.2.1 – 1.4.2.1
argosoft / ftp_server1.4.2.2 – 1.4.2.2

References

MISChttp://www.securityfocus.com/bid/12487
MISChttp://www.osvdb.org/13614
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/17939
MISChttp://www.argosoft.com/ftpserver/changelist.aspx
VENDOR_ADVISORYhttp://secunia.com/advisories/14172