CVE-2012-10055
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-08-14
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| comsndftp | comsndftp | 1.3.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-134 | The product uses a function that accepts a format string as an argument, but the format string originates from an external source. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2012-10055 is a format string vulnerability in ComSndFTP FTP Server version 1.3.7 Beta. The vulnerability occurs in the handling of the USER command, where an attacker can send a specially crafted username containing format string specifiers. This allows the attacker to overwrite a hardcoded function pointer in memory (specifically the WSACleanup function pointer in Ws2_32.dll). By overwriting this pointer, the attacker can redirect the execution flow, bypass Data Execution Prevention (DEP) protections using a Return-Oriented Programming (ROP) chain, and ultimately execute arbitrary code on the affected server remotely without authentication. [2, 3, 4]
How can this vulnerability impact me?
This vulnerability can have a severe impact as it allows a remote attacker to execute arbitrary code on the affected FTP server without any authentication. This means the attacker can take full control of the server, potentially leading to unauthorized access, data theft, service disruption, or using the compromised server as a foothold for further attacks. Additionally, the exploit can cause denial of service by crashing the server. The vulnerability affects default configurations and can be exploited remotely over the network. [1, 2, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to send a specially crafted USER command containing format string specifiers to the ComSndFTP 1.3.7 Beta FTP server and observing the server's response. For example, using a tool like netcat or telnet, you can connect to the FTP server on port 21 and send a USER command with a payload such as "%s%p%x%d". If the server crashes, becomes unresponsive, or exhibits abnormal behavior, it indicates the presence of the vulnerability. Additionally, Metasploit modules (e.g., comsnd_ftpd_fmtstr.rb) are available to test and exploit this vulnerability, which can be used to verify if the server is vulnerable. [1, 3, 4]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or uninstalling ComSndFTP FTP Server version 1.3.7 Beta, as the product is no longer supported and contains this critical vulnerability. If you must keep the server running, restrict network access to the FTP service to trusted hosts only, for example with firewall rules, to prevent remote exploitation. Monitoring for and blocking suspicious USER commands that contain format specifiers can also help reduce risk. Ultimately, migrating to supported FTP server software that does not have this vulnerability is strongly recommended. [2]
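The monitoring step above can be run passively over captured FTP commands instead of probing the server. The following is an added example, not code from this page or from the vendor: it assumes a hypothetical log layout of `<timestamp> <client-ip> <raw FTP command>` and uses constructed sample lines.

```python
import re
from typing import NamedTuple

# printf-style conversion specification: %[pos$][flags][width][.prec][length]type
FMT_SPEC = re.compile(
    r"%(?:\d+\$)?[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?"
    r"(?:hh|h|ll|l|L|j|z|t|I64|I32)?[diouxXeEfgGaAcspn]"
)
# Assumed (hypothetical) log layout: "<timestamp> <client-ip> <raw FTP command line>"
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<ip>\S+)\s+(?P<cmd>.+)$")
# FTP verbs are case-insensitive; the argument is everything after the first space run.
USER_CMD = re.compile(r"^USER\s+(?P<arg>.+)$", re.IGNORECASE)

class Finding(NamedTuple):
    timestamp: str
    client: str
    specifiers: list

def format_specifiers(username: str) -> list:
    """Return the conversion specifications found in a USER argument."""
    # "%%" is a literal percent sign to printf, so drop it before matching.
    # Any other '%' in a login name is unusual enough to be worth an alert.
    return FMT_SPEC.findall(username.replace("%%", ""))

def scan(lines) -> list:
    """Flag USER commands whose argument carries format specifiers."""
    findings = []
    for line in lines:
        entry = LOG_LINE.match(line.strip())
        user = entry and USER_CMD.match(entry.group("cmd"))
        if not user:
            continue  # not a parsable line, or not a USER command
        specs = format_specifiers(user.group("arg"))
        if specs:
            findings.append(Finding(entry.group("ts"), entry.group("ip"), specs))
    return findings

# Constructed sample input (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    "2025-08-14T10:02:11Z 192.0.2.10 USER anonymous",
    "2025-08-14T10:02:12Z 192.0.2.10 PASS guest@example.com",
    "2025-08-14T10:05:40Z 203.0.113.7 user %s%p%x%d",
    "2025-08-14T10:06:02Z 203.0.113.7 USER guest%08x%3$lu",
    "2025-08-14T10:07:19Z 198.51.100.4 USER sales%%team",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.timestamp} {f.client} suspicious USER: {f.specifiers}")
```

The same `format_specifiers` check can back a proxy or IDS rule that drops the connection before the USER argument reaches the server.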