Published: 30/08/2010 Updated: 28/11/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Buffer overflow in ftpd in IBM AIX 5.3 and previous versions allows remote malicious users to execute arbitrary code via a long NLST command.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm aix

/* * IBM AIX 5l FTPd Remote DES Hash Exploit -- Advanced 'Datacenter' Edition :> * * Should work on IBM AIX 51,52,53! probably on 4X too * * bug found & exploited by Kingcope * * Version 20 - July 2010 * ---------------------------------------------------------------------------- * Description: ...

### AIXCOREDUMPPL --- ### --== ~ AIX5l w/ FTP-SERVER REMOTE ROOT HASH DISCLOSURE EXPLOIT ~ =-- ### CREATES COREDUMP INCLUDING THE ROOT USER HASH FROM /etc/security/passwd ### THE RESULT FILE IS SCRAMBLED - SEEK FOR DES LOOKING CRYPTO KEYS ### SUCCESSFULLY TESTED ON IBM AIX 51 ### DISCOVERED & EXPLOITED BY KINGCOPE ### JULY 2010 use IO::Socke ...

CWE-119 http://www.ibm.com/support/docview.wss?uid=isg1IZ83252 http://www.ibm.com/support/docview.wss?uid=isg1IZ83275 http://seclists.org/fulldisclosure/2010/Jul/324 http://securitytracker.com/id?1024368 http://seclists.org/fulldisclosure/2010/Jul/317 http://www.osvdb.org/66576 http://www.exploit-db.com/exploits/14409/http://www.ibm.com/support/docview.wss?uid=isg1IZ83274 http://www.exploit-db.com/exploits/14456/http://seclists.org/fulldisclosure/2010/Jul/337 http://www.ibm.com/support/docview.wss?uid=isg1IZ83276 http://seclists.org/fulldisclosure/2010/Jul/281 http://aix.software.ibm.com/aix/efixes/security/ftpd_advisory.asc https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11697 https://nvd.nist.gov https://www.exploit-db.com/exploits/14456/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-3187

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect