Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via (1) a long username in the USER command or (2) an FTP command that contains a long argument, such as cd, send, or ls.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| 3cdaemon | 3com | 2.0-revision_10 (including) | 2.0-revision_10 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=110485674622696\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=110886719528518\u0026w=2
- http://www.securityfocus.com/bid/12155
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18754
- http://marc.info/?l=bugtraq\u0026m=110485674622696\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=110886719528518\u0026w=2
- http://www.securityfocus.com/bid/12155
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18754