Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0519

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2005-0519
Last Modified 10 Sep 2008 03:36:06
Published 18 Feb 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0519

Summary

ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arbitrary files by uploading a ZIP file containing a shortcut (.LNK) file, using SITE UNZIP to extract the .LNK file onto the server, then accessing the file, a different vulnerability than CVE-2005-0520.

Vulnerable Systems

Application

  • Argosoft Ftp Server 1.4.1.1

  • Argosoft Ftp Server 1.4.1.2

  • Argosoft Ftp Server 1.4.1.3

  • Argosoft Ftp Server 1.4.1.4

  • Argosoft Ftp Server 1.4.1.5

  • Argosoft Ftp Server 1.4.1.6

  • Argosoft Ftp Server 1.4.1.7

  • Argosoft Ftp Server 1.4.1.8

  • Argosoft Ftp Server 1.4.1.9

  • Argosoft Ftp Server 1.4.2

  • Argosoft Ftp Server 1.4.2.1

  • Argosoft Ftp Server 1.4.2.2


References

CONFIRM - http://www.argosoft.com/ftpserver/changelist.aspx

SECUNIA - 14172

XF - argosoft-ink-file-upload(17939)

BID - 12487

OSVDB - 13614


Last Updated: 27 May 2016 10:39:50