VULHUB ™

ArGoSoft FTP Server is prone to a buffer overrun when handling data through the DELE command. Reportedly, passing excessive data may overrun a finite-sized internal memory buffer. A successful attack may result in memory corruption as memory adjacent to the buffer is overwritten with user-supplied data. This issue may lead to a denial-of-service condition or the execution of arbitrary code. ArGoSoft FTP Server 1.4.2.8 is reported vulnerable. Other versions may be affected as well. **Update: The vendor reportedly attempted to address the vulnerability described in this BID in version 1.4.2.29 but was not successful. However, reports indicate that data that is written into the affected buffer is now Unicode format. This results in exploit data containing NULL bytes, hindering exploitation of the vulnerability. A proof of concept that triggers a denial of service is available.

ArGoSoft FTP Server is prone to a buffer overrun when handling data through the DELE command. Reportedly, passing excessive data may overrun a finite-sized internal memory buffer. A successful attack may result in memory corruption as memory adjacent to the buffer is overwritten with user-supplied data. This issue may lead to a denial-of-service condition or the execution of arbitrary code. ArGoSoft FTP Server 1.4.2.8 is reported vulnerable. Other versions may be affected as well. **Update: The vendor reportedly attempted to address the vulnerability described in this BID in version 1.4.2.29 but was not successful. However, reports indicate that data that is written into the affected buffer is now Unicode format. This results in exploit data containing NULL bytes, hindering exploitation of the vulnerability. A proof of concept that triggers a denial of service is available.