Vulnerability Name:

CVE-2005-3029 (CCN-22297)

Assigned:2005-09-15
Published:2005-09-15
Updated:2016-10-18
Summary:Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 VirusBlock 2005 build 6.0.0.383, and V3Net for Windows Server 6.0 build 6.0.0.383 allows remote attackers to execute arbitrary code via a long filname in an ACE archive.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2005-2986

Source: MITRE
Type: CNA
CVE-2005-3029

Source: MITRE
Type: CNA
CVE-2005-3030

Source: CCN
Type: AhnLab V3Pro Web site
AhnLab V3Pro

Source: CCN
Type: ASEC Advisory SA-2005-001
AhnLab V3 Compressed File Directory Traversal and Privilege Escalation Vulnerability

Source: CONFIRM
Type: Patch, Vendor Advisory
http://info.ahnlab.com/english/advisory/01.html

Source: BUGTRAQ
Type: UNKNOWN
20050915 Secunia Research: Ahnlab V3 Antivirus Multiple Vulnerabilities

Source: CCN
Type: SA15674
AhnLab V3 Antivirus Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
15674

Source: MISC
Type: Patch, Vendor Advisory
http://secunia.com/secunia_research/2005-17/advisory/

Source: CCN
Type: OSVDB ID: 19414
AhnLab V3 Anti-Virus v3flt2k.sys DeviceIoControl() Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 19415
AhnLab V3 Anti-Virus ACE Archive Decompression Long Filename Overflow

Source: CCN
Type: OSVDB ID: 19416
AhnLab V3 Anti-Virus Archive Decompression Traversal Arbitrary File Write

Source: BID
Type: Patch
14844

Source: CCN
Type: BID-14844
Ahnlab V3 Antivirus ACE Archive Handling Remote Buffer Overflow Vulnerability

Source: CCN
Type: BID-14847
AEwebworks aeDating Search_Result.PHP SQL Injection Vulnerability

Source: CCN
Type: BID-14848
Ahnlab V3 Antivirus ACE Archive Handling Directory Traversal Vulnerability

Source: CCN
Type: BID-14850
Ahnlab V3 Antivirus Privilege Escalation Vulnerability

Source: XF
Type: UNKNOWN
ahnlab-v3flt2k-gain-privilege(22297)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ahnlab:v3_virusblock_2005:6.0.0.383:*:*:*:*:*:*:*
  • OR cpe:/a:ahnlab:v3net:6.0.0.383:*:win_server:*:*:*:*:*
  • OR cpe:/a:ahnlab:v3pro_2004:6.0.0.383:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ahnlab v3 virusblock 2005 6.0.0.383
    ahnlab v3net 6.0.0.383
    ahnlab v3pro 2004 6.0.0.383