CVE-2005-1815
published 2005-06-01CVE-2005-1815: Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 and 9.0.0.4 allows attackers to cause a denial of service and possibly execute arbitrary…
PriorityP338medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
47.19%
98.7th percentile
Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 and 9.0.0.4 allows attackers to cause a denial of service and possibly execute arbitrary code via (1) an FTP command with a long argument to FTPD (ftpdw.exe) or (2) a large amount of data to LPD (Lpdw.exe).
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hummingbird | connectivity | — | — |
| hummingbird | connectivity | — | — |
| hummingbird | connectivity | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect exploitation attempts against the LPD service (TCP/515) sending oversized payloads — the exploit sends a buffer of 1596–1620 bytes of filler followed by an SEH overwrite record. ↗
- →Monitor for abnormally large data sent to TCP port 515 (LPD) targeting Lpdw.exe; legitimate LPD print jobs do not require kilobyte-scale single-burst payloads. ↗
- →Monitor for FTP commands with excessively long arguments directed at ftpdw.exe, which is the Hummingbird FTPD process; this is the second attack vector for CVE-2005-1815. ↗
- →The exploit uses SEH-based payload delivery with bad characters \x00 and \x0a stripped; look for shellcode patterns in LPD traffic lacking null bytes and newlines. ↗
- →The Metasploit module targets Windows 2000 SP0-SP4 and Windows XP SP0/SP1 with specific return addresses; presence of these RET values (0x75022ac4, 0x71aa2461) in network traffic to port 515 is a strong exploit indicator. ↗
- ·The Metasploit module was tested only against Hummingbird Exceed v10 with SP5; offsets and return addresses may differ for other patch levels. ↗
- ·Two distinct processes are vulnerable (ftpdw.exe on FTP and Lpdw.exe on LPD/515); detection rules and process monitoring must cover both binaries. ↗
- ·Payload space is constrained to 500 bytes with a stack adjustment of -3500; staged or large shellcode payloads will not fit within the exploit's payload space. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Hummingbird Connectivity 10 SP5 - LPD Buffer Overflow (Metasploit)
exploitdb·2010-09-20
CVE-2005-1815 Hummingbird Connectivity 10 SP5 - LPD Buffer Overflow (Metasploit)
Hummingbird Connectivity 10 SP5 - LPD Buffer Overflow (Metasploit)
---
##
# $Id: hummingbird_exceed.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Hummingbird Connectivity 10 SP5 LPD Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Hummingbird Connectivity
10 LPD Daemon. This module has only been tested against Hummingbird
Exceed v10 with SP5.
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 10394 $',
'References' =>
[
['CVE', '2005-1815'
Metasploit
Hummingbird Connectivity 10 SP5 LPD Buffer Overflow
metasploit
Hummingbird Connectivity 10 SP5 LPD Buffer Overflow
Hummingbird Connectivity 10 SP5 LPD Buffer Overflow
This module exploits a stack buffer overflow in Hummingbird Connectivity 10 LPD Daemon. This module has only been tested against Hummingbird Exceed v10 with SP5.
No writeups or analysis indexed.
http://connectivity.hummingbird.com/support/nc/exceed/ftpd_advisory.html?cks=yhttp://connectivity.hummingbird.com/support/nc/exceed/lpdw_advisory.htmlhttp://secunia.com/advisories/15557http://www.securityfocus.com/bid/13788http://www.securityfocus.com/bid/13790http://connectivity.hummingbird.com/support/nc/exceed/ftpd_advisory.html?cks=yhttp://connectivity.hummingbird.com/support/nc/exceed/lpdw_advisory.htmlhttp://secunia.com/advisories/15557http://www.securityfocus.com/bid/13788http://www.securityfocus.com/bid/13790
2005-06-01
Published