Vulnerabilities > CVE-2005-0419 - Remote Security vulnerability in 3Com 3Cserver 1.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

3com

nessus

exploit available

NVD

Published: 2005-04-27

Updated: 2017-07-11

Summary

Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command.

Vulnerable Configurations

Part	Description	Count
Application	3Com 3Com 3Cserver 1.1	1

Exploit-Db

description	3CServer 1.1 FTP Server Remote Exploit. CVE-2005-0419. Remote exploit for windows platform
id	EDB-ID:794
last seen	2016-01-31
modified	2005-02-07
published	2005-02-07
reporter	mandragore
source	https://www.exploit-db.com/download/794/
title	3CServer 1.1 FTP Server Remote Exploit

Nessus

NASL family	FTP
NASL id	3COM_3CSERVER_FTP_OVERFLOW.NASL
description	The remote host is running the 3Com 3CServer or 3CDaemon FTP server. According to its banner, the version of the 3CServer / 3CDaemon FTP server on the remote host is reportedly affected by multiple buffer overflow and format string vulnerabilities as well as an information leak issue. An attacker may be able to exploit these flaws to execute arbitrary code on the remote host with the privileges of the FTP server, generally Administrator.
last seen	2020-04-09
modified	2005-02-08
plugin id	16321
published	2005-02-08
reporter	This script is Copyright (C) 2005-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/16321
title	3Com 3CServer/3CDaemon FTP Server Multiple Vulnerabilities (OF, FS, PD, DoS)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(16321); script_version ("1.22"); script_cve_id("CVE-2005-0276", "CVE-2005-0277", "CVE-2005-0278", "CVE-2005-0419"); script_bugtraq_id(12155, 12463); script_name(english:"3Com 3CServer/3CDaemon FTP Server Multiple Vulnerabilities (OF, FS, PD, DoS)"); script_set_attribute(attribute:"synopsis", value: "The remote FTP server is affected by multiple issues." ); script_set_attribute(attribute:"description", value: "The remote host is running the 3Com 3CServer or 3CDaemon FTP server. According to its banner, the version of the 3CServer / 3CDaemon FTP server on the remote host is reportedly affected by multiple buffer overflow and format string vulnerabilities as well as an information leak issue. An attacker may be able to exploit these flaws to execute arbitrary code on the remote host with the privileges of the FTP server, generally Administrator." ); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/385969" ); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/389623" ); script_set_attribute(attribute:"solution", value: "Unknown at this time." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'3Com 3CDaemon 2.0 FTP Username Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "2005/02/08"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/01/04"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/08"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_summary(english:"Checks for 3Com 3CServer FTP Server"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2020 Tenable Network Security, Inc."); script_family(english:"FTP"); script_require_ports("Services/ftp", 21); script_dependencies("ftpserver_detect_type_nd_version.nasl"); exit(0); } include("ftp_func.inc"); port = get_ftp_port(default:21); ftpbanner = get_ftp_banner(port:port); if ( ftpbanner == NULL ) exit(1, "No FTP banner on port "+port+"."); if ( egrep(pattern:"^220 3Com FTP Server Version 1\.[01]([^0-9]\|\.)", string:ftpbanner) \|\| egrep(pattern:"^220 3Com 3CDaemon FTP Server Version [0-2]\.", string:ftpbanner)) security_hole(port);

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References