ArGoSoft FTP Server DELE Command Remote Buffer Overrun Vulnerability
BID:12755
Info
ArGoSoft FTP Server DELE Command Remote Buffer Overrun Vulnerability
| Bugtraq ID: | 12755 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 08 2005 12:00AM |
| Updated: | May 03 2006 08:35PM |
| Credit: | Discovery is credited to CorryL <[email protected]>. |
| Vulnerable: |
ArGo Software Design FTP Server 1.4.3 .6 ArGo Software Design FTP Server 1.4.3 .5 ArGo Software Design FTP Server 1.4.2 .8 ArGo Software Design FTP Server 1.4.2.29 |
| Not Vulnerable: | |
Discussion
ArGoSoft FTP Server DELE Command Remote Buffer Overrun Vulnerability
ArGoSoft FTP Server is prone to a buffer overrun when handling data through the DELE command.
Reportedly, passing excessive data may overrun a finite-sized internal memory buffer. A successful attack may result in memory corruption as memory adjacent to the buffer is overwritten with user-supplied data.
This issue may lead to a denial-of-service condition or the execution of arbitrary code.
ArGoSoft FTP Server 1.4.2.8 is reported vulnerable. Other versions may be affected as well.
**Update: The vendor reportedly attempted to address the vulnerability described in this BID in version 1.4.2.29 but was not successful. However, reports indicate that data that is written into the affected buffer is now Unicode format. This results in exploit data containing NULL bytes, hindering exploitation of the vulnerability. A proof of concept that triggers a denial of service is available.
ArGoSoft FTP Server is prone to a buffer overrun when handling data through the DELE command.
Reportedly, passing excessive data may overrun a finite-sized internal memory buffer. A successful attack may result in memory corruption as memory adjacent to the buffer is overwritten with user-supplied data.
This issue may lead to a denial-of-service condition or the execution of arbitrary code.
ArGoSoft FTP Server 1.4.2.8 is reported vulnerable. Other versions may be affected as well.
**Update: The vendor reportedly attempted to address the vulnerability described in this BID in version 1.4.2.29 but was not successful. However, reports indicate that data that is written into the affected buffer is now Unicode format. This results in exploit data containing NULL bytes, hindering exploitation of the vulnerability. A proof of concept that triggers a denial of service is available.
Exploit / POC
ArGoSoft FTP Server DELE Command Remote Buffer Overrun Vulnerability
The following proof of concept is available:
DELE \x41 x 2000
A proof-of-concept exploit by Jerome Athias is available.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
The following proof of concept is available:
DELE \x41 x 2000
A proof-of-concept exploit by Jerome Athias is available.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
ArGoSoft FTP Server DELE Command Remote Buffer Overrun Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
References
ArGoSoft FTP Server DELE Command Remote Buffer Overrun Vulnerability
References:
References: