CVE-2005-0277 - Remote vulnerability in 3Com 3Cdaemon 2.0

CVSS 5.0 - MEDIUM

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: NONE
  • Integrity impact: NONE
  • Availability impact: PARTIAL

Tags: network, low complexity, 3com, nessus, exploit available, metasploit

Summary

Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via (1) a long username in the USER command or (2) an FTP command that contains a long argument, such as cd, send, or ls.

Vulnerable Configurations

Part         Description  Count
Application  3Com         1

Exploit-Db

  • description: 3Com 3CDaemon FTP Unauthorized "USER" Remote BoF Exploit. CVE-2005-0277. Remote exploit for windows platform
    id: EDB-ID:827
    last seen: 2016-01-31
    modified: 2005-02-18
    published: 2005-02-18
    reporter: class101
    source: https://www.exploit-db.com/download/827/
    title: 3Com 3CDaemon FTP Unauthorized "USER" Remote BoF Exploit
  • description: 3Com 3CDaemon 2.0 FTP Username Overflow. CVE-2005-0277. Remote exploit for windows platform
    id: EDB-ID:16730
    last seen: 2016-02-02
    modified: 2010-09-20
    published: 2010-09-20
    reporter: metasploit
    source: https://www.exploit-db.com/download/16730/
    title: 3Com 3CDaemon 2.0 FTP Username Overflow
  • description: 3Com Ftp Server 2.0 Remote Overflow Exploit. CVE-2005-0277. Remote exploit for windows platform
    id: EDB-ID:825
    last seen: 2016-01-31
    modified: 2005-02-17
    published: 2005-02-17
    reporter: c0d3r
    source: https://www.exploit-db.com/download/825/
    title: 3Com Ftp Server 2.0 - Remote Overflow Exploit

Metasploit

description: This module exploits a vulnerability in the 3Com 3CDaemon FTP service. This package is being distributed from the 3Com web site and is recommended in numerous support documents. This module uses the USER command to trigger the overflow.
id: MSF:EXPLOIT/WINDOWS/FTP/3CDAEMON_FTP_USER
last seen: 2020-05-23
modified: 2017-07-24
published: 2005-11-26
references: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0277
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/ftp/3cdaemon_ftp_user.rb
title: 3Com 3CDaemon 2.0 FTP Username Overflow

Nessus

NASL family: FTP
NASL id: 3COM_3CSERVER_FTP_OVERFLOW.NASL
description: The remote host is running the 3Com 3CServer or 3CDaemon FTP server. According to its banner, the version of the 3CServer / 3CDaemon FTP server on the remote host is reportedly affected by multiple buffer overflow and format string vulnerabilities as well as an information leak issue. An attacker may be able to exploit these flaws to execute arbitrary code on the remote host with the privileges of the FTP server, generally Administrator.
last seen: 2020-04-09
modified: 2005-02-08
plugin id: 16321
published: 2005-02-08
reporter: This script is Copyright (C) 2005-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/16321
title: 3Com 3CServer/3CDaemon FTP Server Multiple Vulnerabilities (OF, FS, PD, DoS)
code:
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
 script_id(16321);
 script_version ("1.22");

 script_cve_id("CVE-2005-0276", "CVE-2005-0277", "CVE-2005-0278", "CVE-2005-0419");
 script_bugtraq_id(12155, 12463);
 
 script_name(english:"3Com 3CServer/3CDaemon FTP Server Multiple Vulnerabilities (OF, FS, PD, DoS)");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote FTP server is affected by multiple issues." );
 script_set_attribute(attribute:"description", value:
"The remote host is running the 3Com 3CServer or 3CDaemon FTP server. 

According to its banner, the version of the 3CServer / 3CDaemon FTP
server on the remote host is reportedly affected by multiple buffer
overflow and format string vulnerabilities as well as an information
leak issue.  An attacker may be able to exploit these flaws to execute
arbitrary code on the remote host with the privileges of the FTP
server, generally Administrator." );
 script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/385969" );
 script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/389623" );
 script_set_attribute(attribute:"solution", value:
"Unknown at this time." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"metasploit_name", value:'3Com 3CDaemon 2.0 FTP Username Overflow');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

 script_set_attribute(attribute:"plugin_publication_date", value: "2005/02/08");
 script_set_attribute(attribute:"vuln_publication_date", value: "2005/01/04");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/08");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();
 
 script_summary(english:"Checks for 3Com 3CServer FTP Server");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2005-2020 Tenable Network Security, Inc.");
 script_family(english:"FTP");
 script_require_ports("Services/ftp", 21);
 script_dependencies("ftpserver_detect_type_nd_version.nasl");
 exit(0);
}


include("ftp_func.inc");

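port = get_ftp_port(default:21);

# Banner-only check: no overflow is attempted against the service.
ftpbanner = get_ftp_banner(port:port);
if ( ftpbanner == NULL ) exit(1, "No FTP banner on port "+port+".");
# Flag 3Com FTP Server (3CServer) 1.0/1.1 and 3CDaemon FTP Server
# versions whose major number is 0 through 2.
if ( egrep(pattern:"^220 3Com FTP Server Version 1\.[01]([^0-9]|\.)", string:ftpbanner) ||
     egrep(pattern:"^220 3Com 3CDaemon FTP Server Version [0-2]\.", string:ftpbanner))
    security_hole(port);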

Packetstorm

data source: https://packetstormsecurity.com/files/download/83100/3cdaemon_ftp_user.rb.txt
id: PACKETSTORM:83100
last seen: 2016-12-05
published: 2009-11-26
reporter: H D Moore
source: https://packetstormsecurity.com/files/83100/3Com-3CDaemon-2.0-FTP-Username-Overflow.html
title: 3Com 3CDaemon 2.0 FTP Username Overflow