Vulnerabilities > CVE-2005-0278 - Remote vulnerability in 3Com 3Cdaemon 2.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to gain sensitive information via a cd command that contains an MS-DOS device name, which reveals the installation path in an error message.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | FTP |
NASL id | 3COM_3CSERVER_FTP_OVERFLOW.NASL |
description | The remote host is running the 3Com 3CServer or 3CDaemon FTP server. According to its banner, the version of the 3CServer / 3CDaemon FTP server on the remote host is reportedly affected by multiple buffer overflow and format string vulnerabilities as well as an information leak issue. An attacker may be able to exploit these flaws to execute arbitrary code on the remote host with the privileges of the FTP server, generally Administrator. |
last seen | 2020-04-09 |
modified | 2005-02-08 |
plugin id | 16321 |
published | 2005-02-08 |
reporter | This script is Copyright (C) 2005-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/16321 |
title | 3Com 3CServer/3CDaemon FTP Server Multiple Vulnerabilities (OF, FS, PD, DoS) |
code |
|