Description
Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer.
Affected products
- argosoft / ftp_server1.4.1.1 – 1.4.1.1
- argosoft / ftp_server1.4.1.2 – 1.4.1.2
- argosoft / ftp_server1.4.1.3 – 1.4.1.3
- argosoft / ftp_server1.4.1.4 – 1.4.1.4
- argosoft / ftp_server1.4.1.5 – 1.4.1.5
- argosoft / ftp_server1.4.1.6 – 1.4.1.6
- argosoft / ftp_server1.4.1.7 – 1.4.1.7
- argosoft / ftp_server1.4.1.8 – 1.4.1.8
- argosoft / ftp_server1.4.1.9 – 1.4.1.9
- argosoft / ftp_server1.4.2 – 1.4.2
- argosoft / ftp_server1.4.2.1 – 1.4.2.1
- argosoft / ftp_server1.4.2.2 – 1.4.2.2
- argosoft / ftp_server1.4.2.7 – 1.4.2.7
- argosoft / ftp_server1.4.2.8 – 1.4.2.8
- argosoft / ftp_server1.4.2.29 – 1.4.2.29
- argosoft / ftp_server1.4.3.5 – 1.4.3.5
References
- MISChttp://www.securityfocus.com/bid/17789
- MISChttp://www.infigo.hr/en/in_focus/tools
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/1639
- VENDOR_ADVISORYhttp://secunia.com/advisories/19934
- MAILING_LISThttp://marc.info/?l=bugtraq&m=114658586018818&w=2
- MISChttp://www.osvdb.org/25216
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/26197
- VENDOR_ADVISORYhttp://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03
- MISChttp://archives.neohapsis.com/archives/bugtraq/2006-05/0139.html