Vulnerability CVE-2005-2041

Vulnerability Name:

CVE-2005-2041 (CCN-21000)

Assigned:

2005-06-15

Published:

2005-06-15

Updated:

2017-07-11

Summary:

Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other products, allows remote attackers to execute arbitrary code via a long ViRobot_ID cookie (HTTP_COOKIE).

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2005-2041

Source: FULLDISC
Type: UNKNOWN
20050615 DMA[2005-0614a] - 'Global Hauri ViRobot Server cookie overflow'

Source: CCN
Type: SA15700
ViRobot Linux Server Cookie Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
15700

Source: MISC
Type: Vendor Advisory
http://www.digitalmunition.com/DMA%5B2005-0614a%5D.txt

Source: CCN
Type: Digital Almunition DMA 2005-0614a
Global Hauri ViRobot Server cookie overflow

Source: CONFIRM
Type: UNKNOWN
http://www.globalhauri.com/html/download/down_unixpatch.html

Source: CCN
Type: ViRobot Linux Server Web page
The AntiVirus Wizards of HAURI

Source: OSVDB
Type: UNKNOWN
17320

Source: CCN
Type: OSVDB ID: 17320
HAURI ViRobot Linux Server addschup Cookie Field Remote Overflow

Source: CCN
Type: OSVDB ID: 18919
HAURI ViRobot Linux Server addschup ViRobot_ID Variable Overflow

Source: MISC
Type: Exploit
http://www.securiteam.com/exploits/5TP0C1FG1I.html

Source: BID
Type: UNKNOWN
12964

Source: CCN
Type: BID-13964
ViRobot Linux Server Remote Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
virobot-addschup-bo(21000)

Source: XF
Type: UNKNOWN
virobot-addschup-bo(21000)

Vulnerable Configuration:

Configuration 1:

cpe:/a:hauri:virobot_linux_server:2.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:hauri:virobot:linux_server_2.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK