Vulnerabilities > CVE-2006-2170 - Remote Buffer Overflow vulnerability in ArGoSoft FTP Server RNTO Command
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
PARTIAL Summary
Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer.
Vulnerable Configurations
Nessus
NASL family | FTP |
NASL id | ARGOSOFT_FTP_RNTO_OVERFLOW.NASL |
description | The remote host is using ArGoSoft FTP Server, an FTP server for Windows. The version of ArGoSoft FTP Server installed on the remote host contains a buffer overflow vulnerability that can be exploited by an authenticated, but possibly anonymous, user with a specially crafted RNTO command to crash the affected application or execute arbitrary code on the affected host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21326 |
published | 2006-05-04 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21326 |
title | ArGoSoft FTP Server RNTO Command Remote Buffer Overflow |
code |
|
References
- http://archives.neohapsis.com/archives/bugtraq/2006-05/0139.html
- http://marc.info/?l=bugtraq&m=114658586018818&w=2
- http://secunia.com/advisories/19934
- http://www.infigo.hr/en/in_focus/tools
- http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03
- http://www.osvdb.org/25216
- http://www.securityfocus.com/bid/17789
- http://www.vupen.com/english/advisories/2006/1639
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26197