ArGoSoft FTP Server DELE Command Remote Buffer Overrun Vulnerability
ArGoSoft FTP Server is prone to a buffer overrun when handling data through the DELE command.
Reportedly, passing excessive data may overrun a finite-sized internal memory buffer. A successful attack may result in memory corruption as memory adjacent to the buffer is overwritten with user-supplied data.
This issue may lead to a denial-of-service condition or the execution of arbitrary code.
ArGoSoft FTP Server 188.8.131.52 is reported vulnerable. Other versions may be affected as well.
**Update:** The vendor reportedly attempted to address the vulnerability described in this BID in version 184.108.40.206 but was not successful. However, reports indicate that data written into the affected buffer is now in Unicode format. This results in exploit data containing NULL bytes, hindering exploitation of the vulnerability. A proof of concept that triggers a denial of service is available.
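The missing control in a case like this is a length check made before the DELE argument is copied into the fixed-size buffer. The following is an added example, not ArGoSoft's code and not part of the original advisory: `parse_dele`, the status names and the `PATH_UNITS` capacity are hypothetical, and the destination is assumed to hold 16-bit units, matching the Unicode behaviour noted in the update.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PATH_UNITS 260   /* assumed capacity, counted in 16-bit units, not bytes */

enum dele_status { DELE_OK = 0, DELE_NOT_DELE, DELE_UNTERMINATED,
                   DELE_EMPTY, DELE_TOO_LONG };

/* Parse one control-channel line of line_len bytes and widen the DELE
 * argument into out[PATH_UNITS]. Nothing is written to out unless the
 * whole argument plus its terminator fits. */
static enum dele_status parse_dele(const char *line, size_t line_len,
                                   uint16_t out[PATH_UNITS])
{
    static const char verb[] = "DELE ";
    const size_t verb_len = sizeof verb - 1;

    /* Simplification: exact-case match; FTP verbs are case-insensitive. */
    if (line_len < verb_len || memcmp(line, verb, verb_len) != 0)
        return DELE_NOT_DELE;

    const char *arg = line + verb_len;
    size_t remaining = line_len - verb_len;
    /* Bounded search for the line end: never reads past line_len. */
    const char *eol = memchr(arg, '\n', remaining);
    if (eol == NULL)
        return DELE_UNTERMINATED;
    size_t arg_len = (size_t)(eol - arg);
    if (arg_len > 0 && arg[arg_len - 1] == '\r')
        arg_len--;
    if (arg_len == 0)
        return DELE_EMPTY;

    /* Compare against destination elements and reserve one for the NUL. */
    if (arg_len >= PATH_UNITS)
        return DELE_TOO_LONG;
    for (size_t i = 0; i < arg_len; i++)
        out[i] = (unsigned char)arg[i];   /* widened: high byte is zero */
    out[arg_len] = 0;
    return DELE_OK;
}

int main(void)
{
    uint16_t path[PATH_UNITS];
    const char line[] = "DELE report.txt\r\n";   /* constructed sample input */
    return parse_dele(line, sizeof line - 1, path) == DELE_OK ? 0 : 1;
}
```

A server would answer `DELE_TOO_LONG` with an FTP 501 reply and log the argument length, which also gives defenders a signal when oversized DELE requests arrive.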