3Com 3CDaemon Multiple Remote Vulnerabilities
BID:12155
Info
3Com 3CDaemon Multiple Remote Vulnerabilities
| Bugtraq ID: | 12155 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 04 2005 12:00AM |
| Updated: | Jan 04 2005 12:00AM |
| Credit: | Discovery is credited to Sowhat . <[email protected]>. |
| Vulnerable: |
3Com 3CDaemon 2.0 revision 10 |
| Not Vulnerable: | |
Discussion
3Com 3CDaemon Multiple Remote Vulnerabilities
3CDaemon is reportedly prone to multiple vulnerabilities. These issues may allow an attacker to crash the application, disclose sensitive information, and potentially execute arbitrary code on a vulnerable computer.
The following specific issues were identified:
Multiple format string vulnerabilities are reported to affect the application. These issues may allow an attacker to cause a denial of service condition or write to arbitrary process memory and potentially execute code.
Multiple buffer overflow vulnerabilities affect the application as well. These issues may allow remote attackers to execute arbitrary code on a vulnerable computer or crash the application.
3CDaemon also discloses sensitive information when a request for certain MS-DOS device names is carried out. This type of sensitive information may be used in further attacks against the computer.
3CDaemon 2.0 revision 10 is reported prone to these vulnerabilities, however, other versions may also be affected.
3CDaemon is reportedly prone to multiple vulnerabilities. These issues may allow an attacker to crash the application, disclose sensitive information, and potentially execute arbitrary code on a vulnerable computer.
The following specific issues were identified:
Multiple format string vulnerabilities are reported to affect the application. These issues may allow an attacker to cause a denial of service condition or write to arbitrary process memory and potentially execute code.
Multiple buffer overflow vulnerabilities affect the application as well. These issues may allow remote attackers to execute arbitrary code on a vulnerable computer or crash the application.
3CDaemon also discloses sensitive information when a request for certain MS-DOS device names is carried out. This type of sensitive information may be used in further attacks against the computer.
3CDaemon 2.0 revision 10 is reported prone to these vulnerabilities, however, other versions may also be affected.
Exploit / POC
3Com 3CDaemon Multiple Remote Vulnerabilities
The following proof of concept is available:
Buffer overflows:
user AAA..[about 241 A here]...AAAAA
cd AAA..[about 398 A here]...AAAAA
ls AAA..[about 247 A here]...AAAAA
put 1.txt AAA..[about 247 A here]...AAAAA
Format string:
cd %n
Information disclosure:
cd aux
cd lpt1
cd toolz.rar
Exploit code 3cdaemon_exp.c has been provided by c0d3r "kaveh razavi" <[email protected]>.
An exploit written by H D Moore <hdm [at] metasploit.com>, '3com_3cdaemon_ftp_overflow.pm', has been released as part of the Metasploit Framework.
The following proof of concept is available:
Buffer overflows:
user AAA..[about 241 A here]...AAAAA
cd AAA..[about 398 A here]...AAAAA
ls AAA..[about 247 A here]...AAAAA
put 1.txt AAA..[about 247 A here]...AAAAA
Format string:
cd %n
Information disclosure:
cd aux
cd lpt1
cd toolz.rar
Exploit code 3cdaemon_exp.c has been provided by c0d3r "kaveh razavi" <[email protected]>.
An exploit written by H D Moore <hdm [at] metasploit.com>, '3com_3cdaemon_ftp_overflow.pm', has been released as part of the Metasploit Framework.
Solution / Fix
3Com 3CDaemon Multiple Remote Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
3Com 3CDaemon Multiple Remote Vulnerabilities
References:
References:
- 3Com Homepage (3Com)
- 3Com 3CDaemon Multiple Vulnerabilities ("Sowhat ."
)