<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Vulnerability in 3Com 3CServer v1.1

Vulnerability in 3Com 3CServer v1.1

From: mandragore <mandragore_at_gmail.com>
Date: Mon, 7 Feb 2005 18:15:25 +0100

Object:
Vulnerability in 3CServer v1.1, free utility for windows32, from 3Com.

Details:
While old, this free utility is still proposed from the 3Com site, so
it's worth mentionning this.
There are buffer overflows in many of the FTP commands supported,
leading to various heap overflows.
The application has a TFTP server as well, that might be vulnerable
too but I didn't check.
To be able to make use of the vulnerability one needs to be authentificated,
but the anonymous account is sufficient and created by default.

I don't know if any fix will be ever released, 3Com didn't bother answering me.

mandragore

application/octet-stream attachment: 3csploit_c

Received on Feb 07 2005

This message: [ Message body ]
Next message: KF (lists): "DMA[2005-0131b] - 'Setuid Perl PERLIO_DEBUG buffer overflow'"
Previous message: KF (lists): "DMA[2005-0131a] - 'Setuid Perl PERLIO_DEBUG root owned file creation'"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]