Lucene search
Michael S. ScheidellEDB-ID:22060HistoryDec 02, 2002 - 12:00 a.m.
3Com SuperStack 3 NBX 4.0/4.1 - FTPD Denial of Service
2002-12-0200:00:00
Michael S. Scheidell
www.exploit-db.com
35
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/6297/info
It has been reported that the ftpd server, included in the Embedded Real Time Operating System (ERTOS) of 3Com Superstack 3 NBX IP phones, contains a denial of service vulnerability. This issue can be triggered by sending a CEL paramater of excessive length, effectively causing the ftpd server and various VoIP services to no longer respond.
It should be noted that this issue may be similar to the vulnerability described in BID 679.
Although unconfirmed, it should also be noted that due to the nature of this vulnerability under some circumstances it may be exploited to execute arbitrary code.
CEL aaaa[...]aaaa where string is 2048 bytes longRelated
nessus
nessus
3Com NBX ftpd CEL Command Remote Overflow (2)
2002-12-02 00:00:00
3Com NBX ftpd CEL Command Remote Overflow (1)
2002-12-02 00:00:00
cvelist
cvelist
CVE-2002-2300
2007-10-18 10:00:00
nvd
nvd
CVE-2002-2300
2002-12-31 05:00:00
openvas
openvas
vxworks ftpd buffer overflow Denial of Service
2005-11-03 00:00:00
vxworks ftpd buffer overflow Denial of Service
2005-11-03 00:00:00
vxworks ftpd buffer overflow
2005-11-03 00:00:00
cve
cve
CVE-2002-2300
2007-10-18 10:00:00