ArGoSoft FTP Server XCWD Overflow

2003-09-23T10:59:03
ID OSVDB:2618
Type osvdb
Reporter Moran Zavdi(moran@moozatech.com)
Modified 2003-09-23T10:59:03

Description

Vulnerability Description

ArGoSoft FTP Server contains a flaw that may allow a remote denial of service. By sending a specially crafted request containing 4,096 characters or more to the XCWD command, which will cause the server to crash resulting in a loss of availability for the server.

Solution Description

Upgrade to version 1.4.1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

ArGoSoft FTP Server contains a flaw that may allow a remote denial of service. By sending a specially crafted request containing 4,096 characters or more to the XCWD command, which will cause the server to crash resulting in a loss of availability for the server.

References:

Vendor URL: http://www.argosoft.com/ftpserver/default.aspx Secunia Advisory ID:9864 Mail List Post: http://archives.neohapsis.com/archives/vuln-dev/2003-q3/0169.html Bugtraq ID: 8704