{"type": "osvdb", "published": "2005-10-25T22:31:16", "href": "https://vulners.com/osvdb/OSVDB:20306", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 10.0}, "viewCount": 1, "edition": 1, "reporter": "EADS Corporate Research Center()", "title": "Skype Crafted UDP Packet Remote Overflow", "affectedSoftware": [{"operator": "eq", "version": "1.3.*.16", "name": "Skype for Mac OS X"}, {"operator": "eq", "version": "1.2.*.17", "name": "Skype for Linux"}, {"operator": "eq", "version": "1.4.*.83", "name": "Skype for Windows"}, {"operator": "eq", "version": "1.1.*.6", "name": "Skype for Pocket PC"}], "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2017-04-28T13:20:17", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-3267"]}, {"type": "cert", "idList": ["VU:905177"]}, {"type": "nessus", "idList": ["SKYPE_OVERFLOW.NASL", "SKYPE_OVERFLOW_NW.NASL", "FREEBSD_PKG_70FC13D94AB411DA932D00055D790C25.NASL"]}, {"type": "freebsd", "idList": ["70FC13D9-4AB4-11DA-932D-00055D790C25"]}, {"type": "openvas", "idList": ["OPENVAS:55778"]}], "modified": "2017-04-28T13:20:17", "rev": 2}, "vulnersScore": 7.3}, "references": [], "id": "OSVDB:20306", "lastseen": "2017-04-28T13:20:17", "cvelist": ["CVE-2005-3267"], "modified": "2005-10-25T22:31:16", "description": "## Vulnerability Description\nA remote overflow exists in Skype. The application fails to validate the user-controlled length of a UDP packet resulting in a heap overflow. With a specially crafted UDP packet, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Technical Description\nThe appropriate upgrade per platform is listed below.\n\nSkype for Windows:\nRelease 1.4.*.84 or later\n\nSkype for Mac OS X:\nRelease 1.3.*.17 or later\n\nSkype for Linux:\nRelease 1.1.*.20 or later\n\nSkype for Pocket PC:\nNo patch is yet available.\n## Solution Description\nUpgrade to the appropriate fixed version, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA remote overflow exists in Skype. The application fails to validate the user-controlled length of a UDP packet resulting in a heap overflow. With a specially crafted UDP packet, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## References:\n[Vendor Specific Advisory URL](http://www.skype.com/security/skype-sb-2005-03.html)\n[Secunia Advisory ID:17305](https://secuniaresearch.flexerasoftware.com/advisories/17305/)\nPacket Storm: http://packetstormsecurity.org/0510-advisories/skypeRealData.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-10/0284.html\nISS X-Force ID: 22850\nGeneric Informational URL: http://www.theregister.co.uk/2005/10/25/skype_vuln/\nFrSIRT Advisory: ADV-2005-2197\n[CVE-2005-3267](https://vulners.com/cve/CVE-2005-3267)\nCERT VU: 905177\nBugtraq ID: 15192\n", "immutableFields": []}

{"cve": [{"lastseen": "2021-02-02T05:24:38", "description": "Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow.", "edition": 4, "cvss3": {}, "published": "2005-10-27T10:02:00", "title": "CVE-2005-3267", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3267"], "modified": "2017-07-11T01:33:00", "cpe": ["cpe:/a:skype_technologies:skype:1.0.0.7", "cpe:/a:skype_technologies:skype:1.4.0.83", "cpe:/a:skype_technologies:skype:1.0.0.1", "cpe:/a:skype_technologies:skype:1.0.0.18", "cpe:/a:skype_technologies:skype:1.0.0.29", "cpe:/a:skype_technologies:skype:1.1.0.0", "cpe:/a:skype_technologies:skype:1.0.0.10", "cpe:/a:skype_technologies:skype:1.0.0.94", "cpe:/a:skype_technologies:skype:0.92.0.12", "cpe:/a:skype_technologies:skype:1.3.0.16", "cpe:/a:skype_technologies:skype:0.93.0.3", "cpe:/a:skype_technologies:skype:1.1.06", "cpe:/a:skype_technologies:skype:1.1.0.20", "cpe:/a:skype_technologies:skype:1.0.0.97", "cpe:/a:skype_technologies:skype:1.0.0.9", "cpe:/a:skype_technologies:skype:0.98.0.04", "cpe:/a:skype_technologies:skype:1.0.0.100", "cpe:/a:skype_technologies:skype:1.2.0.17"], "id": "CVE-2005-3267", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3267", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:skype_technologies:skype:1.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:skype_technologies:skype:0.92.0.12:*:linux:*:*:*:*:*", "cpe:2.3:a:skype_technologies:skype:1.0.0.97:*:*:*:*:*:*:*", "cpe:2.3:a:skype_technologies:skype:1.0.0.1:*:linux:*:*:*:*:*", "cpe:2.3:a:skype_technologies:skype:1.1.06:*:pocket_pc:*:*:*:*:*", "cpe:2.3:a:skype_technologies:skype:1.3.0.16:*:mac_os_x:*:*:*:*:*", "cpe:2.3:a:skype_technologies:skype:1.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:skype_technologies:skype:1.0.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:skype_technologies:skype:1.0.0.100:*:*:*:*:*:*:*", "cpe:2.3:a:skype_technologies:skype:0.93.0.3:*:linux:*:*:*:*:*", "cpe:2.3:a:skype_technologies:skype:1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:skype_technologies:skype:0.98.0.04:*:*:*:*:*:*:*", "cpe:2.3:a:skype_technologies:skype:1.0.0.7:*:linux:*:*:*:*:*", "cpe:2.3:a:skype_technologies:skype:1.0.0.94:*:*:*:*:*:*:*", "cpe:2.3:a:skype_technologies:skype:1.1.0.20:*:linux:*:*:*:*:*", "cpe:2.3:a:skype_technologies:skype:1.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:skype_technologies:skype:1.2.0.17:*:linux:*:*:*:*:*", "cpe:2.3:a:skype_technologies:skype:1.4.0.83:*:*:*:*:*:*:*"]}], "cert": [{"lastseen": "2020-09-18T20:43:17", "bulletinFamily": "info", "cvelist": ["CVE-2005-3267"], "description": "### Overview \n\nA heap-based buffer overflow in Skype may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.\n\n### Description \n\nSkype software provides telephone service over IP networks. Skype contains a buffer overflow in a routine that parses incoming network traffic. The issue exists because Skype relies on user-controlled data to determine the size of buffers used to handle incoming packets. This may allow a remote attacker to manipulate memory allocation routines to create an under-sized buffer. When data is copied to this buffer, a heap-based buffer overflow may occur. \n\nFor more information, please refer to Skype Security Bulletin [SKYPE-SB/2005-003](<http://www.skype.com/security/skype-sb-2005-03.html>). \n \n--- \n \n### Impact \n\nA remote attacker may be able to overwrite heap memory causing the Skype process to crash or cause unpredictable behavior. In addition, [public reports](<http://www.securityfocus.com/archive/1/414519/30/0/threaded>) claim this vulnerability can be used to execute arbitrary code. \n \n--- \n \n### Solution \n\n**Upgrade Skype** \nPlease see Skype Security Bulletin [SKYPE-SB/2005-003](<http://www.skype.com/security/skype-sb-2005-03.html>) for a list of fixed Skype versions. \n \n--- \n \n### Vendor Information\n\n905177\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Skype Technologies __ Affected\n\nUpdated: October 26, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see <http://www.skype.com/security/skype-sb-2005-03.html>.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23905177 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.skype.com/security/skype-sb-2005-03.html>\n * <http://secunia.com/advisories/17305/>\n * <http://www.securityfocus.com/archive/1/414519/30/0/threaded>\n\n### Acknowledgements\n\nThis vulnerability was reported by SKY-CERT. Skype credits EADS Corporate Research Center security lab with providing information regarding this vulnerability.\n\nThis document was written by Jeff Gennari.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2005-3267](<http://web.nvd.nist.gov/vuln/detail/CVE-2005-3267>) \n---|--- \n**Severity Metric:** | 20.88 \n**Date Public:** | 2005-10-25 \n**Date First Published:** | 2005-10-26 \n**Date Last Updated: ** | 2005-10-31 14:00 UTC \n**Document Revision: ** | 18 \n", "modified": "2005-10-31T14:00:00", "published": "2005-10-26T00:00:00", "id": "VU:905177", "href": "https://www.kb.cert.org/vuls/id/905177", "type": "cert", "title": "Skype vulnerable to heap-based buffer overflow", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-02T21:10:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3265", "CVE-2005-3267"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-30T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:55778", "href": "http://plugins.openvas.org/nasl.php?oid=55778", "type": "openvas", "title": "FreeBSD Ports: skype", "sourceData": "#\n#VID 70fc13d9-4ab4-11da-932d-00055d790c25\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: skype\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/17305/\nhttp://skype.com/security/skype-sb-2005-02.html\nhttp://skype.com/security/skype-sb-2005-03.html\nhttp://www.vuxml.org/freebsd/70fc13d9-4ab4-11da-932d-00055d790c25.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(55778);\n script_version(\"$Revision: 4188 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-30 07:56:47 +0200 (Fri, 30 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2005-3265\", \"CVE-2005-3267\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: skype\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"skype\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2.0.18\")<0) {\n txt += 'Package skype version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:50", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3265", "CVE-2005-3267"], "description": "\nA Secunia Advisory reports:\n\nSome vulnerabilities have been reported in Skype,\n\t which can be exploited by malicious people to cause\n\t a DoS or to compromise a user's system.\n\n", "edition": 4, "modified": "2005-11-02T00:00:00", "published": "2005-10-25T00:00:00", "id": "70FC13D9-4AB4-11DA-932D-00055D790C25", "href": "https://vuxml.freebsd.org/freebsd/70fc13d9-4ab4-11da-932d-00055d790c25.html", "title": "skype -- multiple buffer overflow vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-04-01T06:03:15", "description": "The remote host is running Skype, a peer-to-peer, voice-over-IP\nsoftware.\n\nThe remote version of this software is vulnerable to a heap overflow\nin the handling of its data structures. An attacker can exploit this\nflaw by sending a specially crafted network packet to UDP or TCP ports\nSkype is listening on.\n\nSuccessful exploitation of this issue may result in a crash of the\nSkype user client or code execution on the remote host.", "edition": 27, "published": "2005-10-26T00:00:00", "title": "Skype < 1.4.0.84 Multiple Remote Overflows (credentialed check)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3265", "CVE-2005-3267"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:skype:skype"], "id": "SKYPE_OVERFLOW.NASL", "href": "https://www.tenable.com/plugins/nessus/20090", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20090);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\"CVE-2005-3265\", \"CVE-2005-3267\");\n script_bugtraq_id(15190, 15192);\n\n script_name(english:\"Skype < 1.4.0.84 Multiple Remote Overflows (credentialed check)\");\n script_summary(english:\"Checks for Skype Heap overflow for Windows\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"Arbitrary code can be executed on the remote host.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Skype, a peer-to-peer, voice-over-IP\nsoftware.\n\nThe remote version of this software is vulnerable to a heap overflow\nin the handling of its data structures. An attacker can exploit this\nflaw by sending a specially crafted network packet to UDP or TCP ports\nSkype is listening on.\n\nSuccessful exploitation of this issue may result in a crash of the\nSkype user client or code execution on the remote host.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.skype.com/security/skype-sb-2005-03.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to skype version 1.4.0.84 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:skype:skype\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n exit(0);\n}\n\n#\n\ninclude(\"smb_func.inc\");\ninclude(\"audit.inc\");\n\nname = kb_smb_name();\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\n\n\n\n\nif(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');\n\nr = NetUseAdd(login:login, password:pass, domain:domain, share:\"IPC$\");\nif (r != 1)\n exit(1);\n\nhklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);\nif (isnull(hklm))\n{\n NetUseDel();\n exit(1);\n}\n\n\nkey = \"SOFTWARE\\Skype\\Phone\";\nitem = \"SkypePath\";\n\nkey_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);\nif (!isnull(key_h))\n{\n value = RegQueryValue(handle:key_h, item:item);\n if (!isnull(value))\n dir = value[1];\n\n RegCloseKey(handle:key_h);\n}\n\nRegCloseKey(handle:hklm);\nNetUseDel(close:FALSE);\n\nif (dir)\n{\n share = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:dir);\n\n r = NetUseAdd(share:share);\n if (r == 1)\n {\n file = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\", string:dir);\n handle = CreateFile(\n file:file,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING\n );\n ver = NULL;\n if (!isnull(handle))\n {\n ver = GetFileVersion(handle:handle);\n CloseFile(handle:handle);\n }\n\n if (!isnull(ver))\n {\n if ( (ver[0] < 1) ||\n (ver[0] == 1 && ver[1] < 4) ||\n (ver[0] == 1 && ver[1] == 4 && ver[2] == 0 && ver[3] < 84) )\n security_hole(0);\n }\n }\n}\n\nNetUseDel();\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T06:03:15", "description": "The remote host is running Skype, a peer-to-peer voice over IP\nsoftware. \n\nThe remote version of this software is vulnerable to a heap overflow\nin the handling of its data structures. An attacker can exploit this\nflaw by sending a specially crafted network packet to UDP or TCP ports\nSkype is listening on. A successful exploitation of this flaw will \nresult in code execution on the remote host. \n\nIn addition, Skype has been reported to contain overflows in the\nhandling of VCards and callto/skype URLs. However, Nessus has not\nchecked for them.", "edition": 27, "published": "2006-04-11T00:00:00", "title": "Skype < 1.4.0.84 Multiple Vulnerabilities (uncredentialed check)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3265", "CVE-2005-3267"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:skype:skype"], "id": "SKYPE_OVERFLOW_NW.NASL", "href": "https://www.tenable.com/plugins/nessus/21209", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# This script depends on a .nbin plugin\nif ( NASL_LEVEL < 3000 ) exit(0);\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21209);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\"CVE-2005-3265\", \"CVE-2005-3267\");\n script_bugtraq_id(15190, 15192);\n\n script_name(english:\"Skype < 1.4.0.84 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks for Skype Heap overflow for Windows\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Arbitrary code can be executed on the remote host.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Skype, a peer-to-peer voice over IP\nsoftware. \n\nThe remote version of this software is vulnerable to a heap overflow\nin the handling of its data structures. An attacker can exploit this\nflaw by sending a specially crafted network packet to UDP or TCP ports\nSkype is listening on. A successful exploitation of this flaw will \nresult in code execution on the remote host. \n\nIn addition, Skype has been reported to contain overflows in the\nhandling of VCards and callto/skype URLs. However, Nessus has not\nchecked for them.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.skype.com/security/skype-sb-2005-03.html\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to skype version 1.4.0.84 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/04/11\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/10/26\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:skype:skype\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"skype_version.nbin\");\n script_require_keys(\"Services/skype\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nport = get_service(svc:\"skype\", exit_on_fail:TRUE);\n\nts = get_kb_item_or_exit(\"Skype/\"+port+\"/stackTimeStamp\");\nif (ts > 0 && ts < 510211313) security_hole(port);\nelse exit(0, \"The Skype client listening on port \"+port+\" is not affected based on its timestamp (\"+ts+\").\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:45:32", "description": "A Secunia Advisory reports :\n\nSome vulnerabilities have been reported in Skype, which can be\nexploited by malicious people to cause a DoS or to compromise a user's\nsystem.", "edition": 27, "published": "2006-05-13T00:00:00", "title": "FreeBSD : skype -- multiple buffer overflow vulnerabilities (70fc13d9-4ab4-11da-932d-00055d790c25)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3265", "CVE-2005-3267"], "modified": "2006-05-13T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:skype"], "id": "FREEBSD_PKG_70FC13D94AB411DA932D00055D790C25.NASL", "href": "https://www.tenable.com/plugins/nessus/21451", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21451);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-3265\", \"CVE-2005-3267\");\n script_xref(name:\"CERT\", value:\"668193\");\n script_xref(name:\"CERT\", value:\"930345\");\n script_xref(name:\"Secunia\", value:\"17305\");\n\n script_name(english:\"FreeBSD : skype -- multiple buffer overflow vulnerabilities (70fc13d9-4ab4-11da-932d-00055d790c25)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A Secunia Advisory reports :\n\nSome vulnerabilities have been reported in Skype, which can be\nexploited by malicious people to cause a DoS or to compromise a user's\nsystem.\"\n );\n # http://skype.com/security/skype-sb-2005-02.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.skype.com/security/skype-sb-2005-02.html\"\n );\n # http://skype.com/security/skype-sb-2005-03.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.skype.com/security/skype-sb-2005-03.html\"\n );\n # https://vuxml.freebsd.org/freebsd/70fc13d9-4ab4-11da-932d-00055d790c25.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?67643921\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:skype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"skype<1.2.0.18\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}