CVE-2017-6880
Published: 2017-03-17
Priority: P2 · 60 · critical · 9.8 (CVSS 3.0)
AV:N · AC:L · PR:N · UI:N · S:U · C:H · I:H · A:H
EXPLOIT
EPSS: 14.32% (96.2th percentile)
Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cerberus | cerberus_ftp_server | — | — |
Detection & IOCs (extracted from sources)
- Detect oversized MLST command payloads on FTP port 21: the exploit sends exactly 2047 'A' characters as the MLST argument, triggering the buffer overflow.
- Alert on any FTP MLST command whose argument length exceeds normal bounds (PoC uses 2047 bytes); such oversized MLST requests are anomalous and indicative of exploitation attempts against Cerberus FTP Server 8.0.10.3.
- The PoC uses hardcoded credentials ('USER nassim' / 'PASS mypass'), meaning the attacker must have valid FTP credentials to reach the vulnerable MLST code path; unauthenticated exploitation is not demonstrated.
- The PoC was tested only on Windows 7 SP1 (64-bit); exploitability and crash behaviour on other Windows versions or configurations may differ.
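The MLST length check from the first two items, sketched as an added example (not code from the PoC, the vendor, or this index). It reassembles client-to-server FTP control bytes into command lines and flags MLST arguments above a limit; the 512-byte limit, the class and function names, and the sample traffic are assumptions constructed here.

```python
"""Flag oversized MLST arguments on a reassembled FTP control channel."""
MAX_ARG_LEN = 512  # assumed limit; tune to the longest legitimate path


class FtpCommandMonitor:
    """Feed client-to-server bytes in arrival order; alerts accumulate."""

    def __init__(self, max_arg_len=MAX_ARG_LEN):
        self.max_arg_len = max_arg_len
        self.buf = b""
        self.skip = False  # True while discarding the tail of a line inspected early
        self.alerts = []

    def feed(self, segment):
        self.buf += segment
        # Commands can span TCP segments, so only complete lines are parsed.
        while b"\n" in self.buf:
            line, self.buf = self.buf.split(b"\n", 1)
            if self.skip:
                self.skip = False
                continue
            self._inspect(line.rstrip(b"\r"), complete=True)
        if self.skip:
            self.buf = b""
        elif len(self.buf) > self.max_arg_len + len(b"MLST "):
            # Inspect an overlong unterminated line now, so withholding
            # CRLF does not delay or evade the check.
            self._inspect(self.buf, complete=False)
            self.buf, self.skip = b"", True

    def _inspect(self, line, complete):
        verb, _, arg = line.lstrip().partition(b" ")  # FTP verbs are case-insensitive
        if verb.upper() == b"MLST" and len(arg) > self.max_arg_len:
            self.alerts.append(
                {"verb": "MLST", "arg_len": len(arg), "complete": complete})


def scan(segments):
    """Run one connection's client segments through a fresh monitor."""
    monitor = FtpCommandMonitor()
    for segment in segments:
        monitor.feed(segment)
    return monitor.alerts


if __name__ == "__main__":
    # Constructed sample traffic; the login and length mirror the PoC notes.
    poc_like = b"MLST " + b"A" * 2047 + b"\r\n"
    print(scan([b"USER nassim\r\nPASS mypass\r\n", poc_like]))
```

When an alert has `complete` set to false, `arg_len` is the number of argument bytes seen before the line terminator arrived, so it is a lower bound on the real length.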
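CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |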