Description
ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read arbitrary files via shortcut (.LNK) files in the SITE COPY command, a different vulnerability than CVE-2005-0519.
Product(s):
- Argosoft FTP Server 1.4.1.1
- Argosoft FTP Server 1.4.1.2
- Argosoft FTP Server 1.4.1.3
- ArGoSoft FTP Server 1.4.1.4
- ArGoSoft FTP Server 1.4.1.5
- ArGoSoft FTP Server 1.4.1.6
- ArGoSoft FTP Server 1.4.1.7
- ArGoSoft FTP Server 1.4.1.8
- ArGoSoft FTP Server 1.4.1.9
- ArGoSoft FTP Server 1.4.2.1
- ArGoSoft FTP Server 1.4.2.2
- ArGoSoft FTP Server 1.4.2
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-0520, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-0520 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.