FTP: 3CDaemon Path Disclosure

This signature detects attempts to exploit a known vulnerability against FTP 3CDaemon. Attackers can use the 3CDaemon to disclose information; for example, a full path.

Extended Description

3CDaemon is reportedly prone to multiple vulnerabilities. These issues may allow an attacker to crash the application, disclose sensitive information, and potentially execute arbitrary code on a vulnerable computer. The following specific issues were identified: Multiple format string vulnerabilities are reported to affect the application. These issues may allow an attacker to cause a denial of service condition or write to arbitrary process memory and potentially execute code. Multiple buffer overflow vulnerabilities affect the application as well. These issues may allow remote attackers to execute arbitrary code on a vulnerable computer or crash the application. 3CDaemon also discloses sensitive information when a request for certain MS-DOS device names is carried out. This type of sensitive information may be used in further attacks against the computer. 3CDaemon 2.0 revision 10 is reported prone to these vulnerabilities, however, other versions may also be affected.

Affected Products

3com 3cdaemon

Short Name
FTP:COMMAND:3CDAEMON-PATH-DISCL
Severity
Minor
Recommended
False
Recommended Action
None
Category
FTP
Keywords
3CDaemon CVE-2005-0278 Disclosure Path bid:12155
Release Date
10/18/2006
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

3com

CVSS Score

5.0

Found a potential security threat?