3Com 3CServer/3CDaemon FTP Server Multiple Vulnerabilities (OF, FS, PD, DoS)

critical Nessus Plugin ID 16321

Synopsis

The remote FTP server is affected by multiple issues.

Description

The remote host is running the 3Com 3CServer or 3CDaemon FTP server.

According to its banner, the version of the 3CServer / 3CDaemon FTP server on the remote host is reportedly affected by multiple buffer overflow and format string vulnerabilities as well as an information leak issue. An attacker may be able to exploit these flaws to execute arbitrary code on the remote host with the privileges of the FTP server, generally Administrator.

Solution

Unknown at this time.

See Also

https://www.securityfocus.com/archive/1/385969

https://www.securityfocus.com/archive/1/389623

Plugin Details

Severity: Critical

ID: 16321

File Name: 3com_3cserver_ftp_overflow.nasl

Version: 1.23

Type: remote

Family: FTP

Published: 2/8/2005

Updated: 12/22/2020

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:3com:3cdaemon, cpe:/a:3com:3cserver

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1/4/2005

Exploitable With

Metasploit (3Com 3CDaemon 2.0 FTP Username Overflow)

Reference Information

CVE: CVE-2005-0276, CVE-2005-0277, CVE-2005-0278, CVE-2005-0419

BID: 12155, 12463