Vulnerabilities > CVE-2004-2672 - Unspecified vulnerability in Argosoft FTP Server 1.2.2.2/1.4.2

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
argosoft
nessus
NVD
Published: 2004-12-31
Updated: 2024-11-20

Summary

Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows attackers to upload .lnk files via unknown vectors.

Vulnerable Configurations

Part Description Count
Application
Argosoft
2

Nessus

NASL familyFTP
NASL idARGOSOFT_FTP_SHORTCUT.NASL
descriptionThe remote host is running ArGoSoft FTP Server. It is reported that ArGoSoft FTP Server is prone to an attack that allows link upload. An attacker, exploiting this flaw, may be able to have read and write access to any files and directories on the FTP server.
last seen2020-06-01
modified2020-06-02
plugin id15623
published2004-11-04
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/15623
titleArGoSoft FTP Server .lnk Shortcut Upload Arbitrary File Manipulation
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
 script_id(15623);
 script_version("1.19");
 script_cvs_date("Date: 2018/06/27 18:42:25");

 script_cve_id("CVE-2004-2672");
 script_bugtraq_id(11589);

 script_name(english:"ArGoSoft FTP Server .lnk Shortcut Upload Arbitrary File Manipulation");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote FTP server is affected by an unauthorized access issue." );
 script_set_attribute(attribute:"description", value:
"The remote host is running ArGoSoft FTP Server. 

It is reported that ArGoSoft FTP Server is prone to an attack that
allows link upload.  An attacker, exploiting this flaw, may be able to
have read and write access to any files and directories on the FTP
server." );
 script_set_attribute(attribute:"solution", value:
"Upgrade to ArGoSoft FTP 1.4.2.2 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/11/04");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/11/01");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();
 
 script_summary(english:"Gets the version of the remote ArGoSoft server");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 script_family(english:"FTP");
 script_dependencie("ftpserver_detect_type_nd_version.nasl");
 script_require_ports("Services/ftp", 21);
 exit(0);
}

# Check starts here

include("ftp_func.inc");


port = get_ftp_port(default: 21);

banner = get_ftp_banner(port:port);
if ( ! banner ) exit(1, "no FTP banner on port "+port+".");

if (
  "ArGoSoft FTP Server" >< banner &&
  egrep(pattern:"^220 ArGoSoft FTP Server.*Version.*\(1\.([0-3]\..*|4\.[0-1]|4\.2\.[0-1])", string:banner)
) security_hole(port);

References