Description
ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arbitrary files by uploading a ZIP file containing a shortcut (.LNK) file, using SITE UNZIP to extract the .LNK file onto the server, then accessing the file, a different vulnerability than CVE-2005-0520.
Product(s):
- Argosoft FTP Server 1.4.1.1
- Argosoft FTP Server 1.4.1.2
- Argosoft FTP Server 1.4.1.3
- ArGoSoft FTP Server 1.4.1.4
- ArGoSoft FTP Server 1.4.1.5
- ArGoSoft FTP Server 1.4.1.6
- ArGoSoft FTP Server 1.4.1.7
- ArGoSoft FTP Server 1.4.1.8
- ArGoSoft FTP Server 1.4.1.9
- ArGoSoft FTP Server 1.4.2.1
- ArGoSoft FTP Server 1.4.2.2
- ArGoSoft FTP Server 1.4.2
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-0519, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-0519 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.