PT-2006-6814 · 3Com · 3Com 3Ctftpsvc
Liu Qixu
·
Published
2006-12-01
·
Updated
2018-10-17
·
CVE-2006-6183
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
3Com 3CTftpSvc versions 2.0.1 and earlier
Description
The issue is related to multiple stack-based buffer overflows that can be triggered by remote attackers. This can be achieved by sending a long mode field in a GET or PUT command, potentially leading to a denial of service or the execution of arbitrary code.
Recommendations
For 3Com 3CTftpSvc versions 2.0.1 and earlier, consider restricting access to the affected service until a fix is available. As a temporary workaround, avoid using long mode fields in GET or PUT commands to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
3Com 3Ctftpsvc