ArGoSoft FTP Server < 1.4.2.8 Multiple .LNK File Handling Vulnerabilities

Nessus Plugin ID 16334 (Critical)

Synopsis

The remote FTP server is susceptible to several file access attacks.

Description

The remote host is running the ArGoSoft FTP Server.

It is reported that ArGoSoft FTP Server allows an attacker to upload shortcut (.LNK) files via either the 'SITE UNZIP' or the 'SITE COPY' command and thereby gain read and write access to any files and directories on the FTP server.

Solution

Upgrade to ArGoSoft FTP 1.4.2.8 or later.

Plugin Details

Severity: Critical

ID: 16334

File Name: argosoft_ftp_shortcut2.nasl

Version: 1.17

Type: remote

Family: FTP

Published: 2/9/2005

Updated: 6/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2/8/2005

Reference Information

CVE: CVE-2005-0519, CVE-2005-0520

BID: 12487, 12632