CVE-2005-0807

Multiple buffer overflows in Cain & Abel before 2.67 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via (1) an IKE packet with a large ID field that is not properly handled by the PSK sniffer filter, (2) the HTTP sniffer filter, or the (3) POP3, (4) SMTP, (5) IMAP, (6) NNTP, or (7) TDS sniffer filters.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=111116097313427&w=2
http://secunia.com/advisories/14630	Patch
http://securitytracker.com/id?1013476
http://www.oxid.it/
http://www.securityfocus.com/bid/12840
https://exchange.xforce.ibmcloud.com/vulnerabilities/19742
https://exchange.xforce.ibmcloud.com/vulnerabilities/19744

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oxid:cain_and_abel:2.5:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5_beta21:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5_beta29:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5_beta34:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5_beta36:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5_beta40:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5_beta41:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5_beta47:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5_beta51:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5_beta56:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5_beta59:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.5_beta65:::::::*
	cpe:2.3:a:oxid:cain_and_abel:2.65:::::::*

History

No history.

Information

Published : 2005-05-02 04:00

Updated : 2024-02-04 16:52

NVD link : CVE-2005-0807

Mitre link : CVE-2005-0807

CVE.ORG link : CVE-2005-0807

JSON object : View

Products Affected

oxid

cain_and_abel

CWE

NVD-CWE-Other

{"id": "CVE-2005-0807", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=111116097313427&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/14630", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1013476", "source": "cve@mitre.org"}, {"url": "http://www.oxid.it/", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/12840", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19742", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19744", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in Cain & Abel before 2.67 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via (1) an IKE packet with a large ID field that is not properly handled by the PSK sniffer filter, (2) the HTTP sniffer filter, or the (3) POP3, (4) SMTP, (5) IMAP, (6) NNTP, or (7) TDS sniffer filters."}], "lastModified": "2017-07-11T01:32:25.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oxid:cain_and_abel:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3BC3981-3257-4C4E-84D6-39D418B23C84"}, {"criteria": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "529D9000-ADDA-47FC-B52B-5EB11794D8C3"}, {"criteria": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "057187E0-5801-4362-BB92-7A73B2A61A96"}, {"criteria": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33BBA2EB-92CC-4961-A5A1-A535AD764A82"}, {"criteria": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEA4FFD4-0BBF-4368-9F48-ADB783103E20"}, {"criteria": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50ED95C2-2E07-4F3B-BF5E-4B221EAB60AC"}, {"criteria": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta41:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08A35BC2-20C6-4CB5-8E0F-153D11C42BF2"}, {"criteria": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta47:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C9CF0AE-1369-46DA-A395-E13E8095BB42"}, {"criteria": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta51:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18552FDB-FF80-4AE2-8654-3AD0656249C4"}, {"criteria": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta56:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1311B19-DBC4-4EF0-B3F0-A882DDBF3E30"}, {"criteria": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta59:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68EDA7F0-4C16-449B-8234-0B7DFC587CFD"}, {"criteria": "cpe:2.3:a:oxid:cain_and_abel:2.5_beta65:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F3A51F3-046D-4F1D-AA1E-D76AF9B2FF5C"}, {"criteria": "cpe:2.3:a:oxid:cain_and_abel:2.65:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF6F40FE-3E67-4118-90F4-9A03478A0B10"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}