CVE-2010-3187

IBM AIX < 5.3 - Remote Code Execution via Long NLST Command

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-3187. PoCs published by kingcope.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in IBM AIX FTPd (CVE-2010-3187) by sending an overly long NLST/LIST command to trigger a crash and generate a core dump. The core dump is then retrieved to extract DES password hashes for offline cracking.

Description

Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command.

Exploits (2)

exploitdb WORKING POC VERIFIED
by kingcope · cremoteaix
https://www.exploit-db.com/exploits/14456

This exploit targets a buffer overflow vulnerability in IBM AIX FTPd (CVE-2010-3187) by sending an overly long NLST/LIST command to trigger a crash and generate a core dump. The core dump is then retrieved to extract DES password hashes for offline cracking.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: IBM AIX FTPd (Version 4.1)
Auth required
Prerequisites: Valid FTP credentials · Writable directory on the target · Network access to the target FTP server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by kingcope · perlremoteaix
https://www.exploit-db.com/exploits/14409

This exploit targets a vulnerability in IBM AIX FTP server to trigger a core dump containing the root user hash from /etc/security/passwd. It uses a buffer overflow in the NLST command to crash the FTP server and retrieve the core file.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: IBM AIX 5.1 FTP Server
Auth required
Prerequisites: Network access to the target FTP server · Valid credentials or guest access with write permissions
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1024368
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=isg1IZ83276
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14456/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14409/
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/66576
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=isg1IZ83274
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=isg1IZ83252
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=isg1IZ83275
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2010/Jul/324
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2010/Jul/337
Patch, Vendor Advisory x_refsource_confirm
http://aix.software.ibm.com/aix/efixes/security/ftpd_advisory.asc
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2010/Jul/281
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2010/Jul/317

Scores

EPSS 0.7953
EPSS Percentile 99.1%

Details

CWE
CWE-119
Status published
Products (1)
ibm/aix < 5.3
Published Aug 30, 2010
Tracked Since Feb 18, 2026