vendor:
Eserv/3.x
by:
Gjoko 'LiquidWorm' Krstic
7.5
CVSS
HIGH
Stack Overflow
119
CWE
Product Name: Eserv/3.x
Affected Version From: 3.x
Affected Version To: 3.x
Patch Exists: YES
Related CWE: N/A
CPE: a:eserv:eserv
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows XP SP2
2008
Eserv/3.x FTP Server (ABOR) Remote Stack Overflow PoC
Eserv/3.x is a Mail, News, Web and Proxy Servers which includes Mail Server (SMTP, IMAP4 and POP3), News Server (NNTP), Web Server (HTTP), FTP Server, Proxy Servers (HTTP, FTP, Socks, etc), Finger Server and Built-in scheduler and dialer. This PoC exploits a stack overflow vulnerability in the FTP server component of Eserv/3.x. The vulnerability is triggered when a maliciously crafted ABOR command is sent to the FTP server. This can lead to remote code execution.
Mitigation:
Upgrade to the latest version of Eserv/3.x