Date: Mon, 7 Feb 2005 18:15:25 +0100
From: mandragore <mandragore@...il.com>
To: bugtraq@...urityfocus.com
Subject: Vulnerability in 3Com 3CServer v1.1

Object:
Vulnerability in 3CServer v1.1, free utility for windows32, from 3Com.

Details:
While old, this free utility is still proposed from the 3Com site, so
it's worth mentioning this.
There are buffer overflows in many of the FTP commands supported,
leading to various heap overflows.
The application has a TFTP server as well, that might be vulnerable
too but I didn't check.
To be able to make use of the vulnerability one needs to be authenticated,
but the anonymous account is sufficient and created by default.

I don't know if any fix will ever be released; 3Com didn't bother answering me.

mandragore

Download attachment "3csploit.c" of type "application/octet-stream" (5856 bytes)
