CVE-2005-0807

Multiple buffer overflows in Cain & Abel before 2.67 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via (1) an IKE packet with a large ID field that is not properly handled by the PSK sniffer filter, (2) the HTTP sniffer filter, or the (3) POP3, (4) SMTP, (5) IMAP, (6) NNTP, or (7) TDS sniffer filters.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.oxid.it/
http://www.securityfocus.com/bid/12840
http://securitytracker.com/id?1013476
http://secunia.com/advisories/14630	Patch
http://marc.info/?l=bugtraq&m=111116097313427&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/19744
https://exchange.xforce.ibmcloud.com/vulnerabilities/19742

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oxid:cain_and_abel:2.5_beta21:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5_beta29:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5_beta59:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5_beta65:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5_beta51:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5_beta56:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5_beta34:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5_beta36:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5_beta40:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.65:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5_beta41:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5_beta47:::::::*

Information

Published : 2005-05-01 21:00

Updated : 2017-07-10 18:32

NVD link : CVE-2005-0807

Mitre link : CVE-2005-0807

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

oxid

cain_and_abel

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.oxid.it/", "name": "http://www.oxid.it/", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/12840", "name": "12840", "tags": [], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1013476", "name": "1013476", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/14630", "name": "14630", "tags": ["Patch"], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=111116097313427&w=2", "name": "20050318 Cain & Abel PSK Sniffer Heap overflow", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19744", "name": "cain-abel-http-filter-bo(19744)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19742", "name": "cain-abel-ikepsk-bo(19742)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple buffer overflows in Cain & Abel before 2.67 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via (1) an IKE packet with a large ID field that is not properly handled by the PSK sniffer filter, (2) the HTTP sniffer filter, or the (3) POP3, (4) SMTP, (5) IMAP, (6) NNTP, or (7) TDS sniffer filters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-0807", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-05-02T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta65:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oxid:cain_and_abel:2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oxid:cain_and_abel:2.65:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta47:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:32Z"}