CVE-2004-2675

ArGoSoft FTP Server < 1.4.1.6 - Authenticated Denial of Service via SITE PASS Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2675. PoCs published by Beyond Security.

AI-analyzed exploit summary This Perl script demonstrates multiple vulnerabilities in ArGoSoft FTP Server 1.4, including buffer overflows via SITE ZIP/COPY commands, directory traversal via SITE UNZIP, and DoS via SITE PASS. The PoC connects to the FTP server, authenticates, and sends malformed commands to trigger the vulnerabilities.

Description

ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to cause a denial of service (crash) via a SITE PASS command with a long password parameter, which causes the database to be corrupted.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Beyond Security · perldoswindows

https://www.exploit-db.com/exploits/23769

View Code ZIP pw:eip

This Perl script demonstrates multiple vulnerabilities in ArGoSoft FTP Server 1.4, including buffer overflows via SITE ZIP/COPY commands, directory traversal via SITE UNZIP, and DoS via SITE PASS. The PoC connects to the FTP server, authenticates, and sends malformed commands to trigger the vulnerabilities.

Classification

Working Poc 90%

Attack Type

Dos | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: ArGoSoft FTP Server 1.4 (1.4.1.4)

Auth required

Prerequisites: Network access to the target FTP server · Valid credentials for authentication

MITRE ATT&CK