CVE-2006-2170

Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.infigo.hr/en/in_focus/tools	Exploit
http://www.securityfocus.com/bid/17789	Exploit
http://secunia.com/advisories/19934	Vendor Advisory
http://www.osvdb.org/25216
http://archives.neohapsis.com/archives/bugtraq/2006-05/0139.html
http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03
http://www.vupen.com/english/advisories/2006/1639
http://marc.info/?l=bugtraq&m=114658586018818&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/26197

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:argosoft:ftp_server:1.4.1.3:::::::*
	cpe:2.3:a:argosoft:ftp_server:1.4.1.4:::::::*
	cpe:2.3:a:argosoft:ftp_server:1.4.2.1:::::::*
	cpe:2.3:a:argosoft:ftp_server:1.4.2.2:::::::*
	cpe:2.3:a:argosoft:ftp_server:1.4.1.5:::::::*
	cpe:2.3:a:argosoft:ftp_server:1.4.1.6:::::::*
	cpe:2.3:a:argosoft:ftp_server:1.4.2.29:::::::*
	cpe:2.3:a:argosoft:ftp_server:1.4.2.7:::::::*
	cpe:2.3:a:argosoft:ftp_server:1.4.1.1:::::::*
	cpe:2.3:a:argosoft:ftp_server:1.4.1.2:::::::*
	cpe:2.3:a:argosoft:ftp_server:1.4.1.9:::::::*
	cpe:2.3:a:argosoft:ftp_server:1.4.2.8:::::::*
	cpe:2.3:a:argosoft:ftp_server:1.4.1.8:::::::*
	cpe:2.3:a:argosoft:ftp_server:1.4.2:::::::*
	cpe:2.3:a:argosoft:ftp_server:1.4.1.7:::::::*
	cpe:2.3:a:argosoft:ftp_server:1.4.3.5:::::::*

Information

Published : 2006-05-04 05:38

Updated : 2017-07-19 18:31

NVD link : CVE-2006-2170

Mitre link : CVE-2006-2170

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

argosoft

ftp_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.infigo.hr/en/in_focus/tools", "name": "http://www.infigo.hr/en/in_focus/tools", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/17789", "name": "17789", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/19934", "name": "19934", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/25216", "name": "25216", "tags": [], "refsource": "OSVDB"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0139.html", "name": "20060508 INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03", "name": "http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03", "tags": [], "refsource": "MISC"}, {"url": "http://www.vupen.com/english/advisories/2006/1639", "name": "ADV-2006-1639", "tags": [], "refsource": "VUPEN"}, {"url": "http://marc.info/?l=bugtraq&m=114658586018818&w=2", "name": "20060502 FTP Fuzzer", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26197", "name": "argosoft-ftp-rnto-bo(26197)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-2170", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-05-04T12:38Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:argosoft:ftp_server:1.4.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:argosoft:ftp_server:1.4.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:argosoft:ftp_server:1.4.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:argosoft:ftp_server:1.4.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:argosoft:ftp_server:1.4.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:argosoft:ftp_server:1.4.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:argosoft:ftp_server:1.4.2.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:argosoft:ftp_server:1.4.2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:argosoft:ftp_server:1.4.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:argosoft:ftp_server:1.4.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:argosoft:ftp_server:1.4.1.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:argosoft:ftp_server:1.4.2.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:argosoft:ftp_server:1.4.1.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:argosoft:ftp_server:1.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:argosoft:ftp_server:1.4.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:argosoft:ftp_server:1.4.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:31Z"}