CVE-2005-3694
published 2005-11-20CVE-2005-3694: centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short…
PriorityP334high7.8CVSS 2.0
AVNACLAuNCNINAC
EXPLOIT
EPSS
11.99%
95.6th percentile
centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| centericq | centericq | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Bugzilla
centericq multiple vulnerabilities (CVE-2005-3694, CVE-2005-3863, ZRCSA 200503)
bugzilla·2005-12-22·CVSS 7.8
CVE-2005-3694 [HIGH] centericq multiple vulnerabilities (CVE-2005-3694, CVE-2005-3863, ZRCSA 200503)
centericq multiple vulnerabilities (CVE-2005-3694, CVE-2005-3863, ZRCSA 200503)
Just happened to notice, haven't investigated. Gentoo advisory at
http://www.gentoo.org/security/en/glsa/glsa-200512-11.xml contains more info and
links in the references section.
Discussion:
Will look into it thanks :)
---
Thanks for the info. Patched.
Bugzilla
centericq DoS (CVE-2005-3694)
bugzilla·2005-11-30·CVSS 7.8
CVE-2005-3694 [HIGH] centericq DoS (CVE-2005-3694)
centericq DoS (CVE-2005-3694)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-3694
Haven't checked whether this applies to 4.21.0, but Gentoo applies some patches
to their 4.21.0 that "smell" like it:
http://www.gentoo.org/cgi-bin/viewcvs.cgi/net-im/centericq/files/
More info and PoC for testing at https://bugs.gentoo.org/show_bug.cgi?id=100519
Discussion:
Thanks
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334089http://secunia.com/advisories/17798http://secunia.com/advisories/17818http://secunia.com/advisories/18081http://security.gentoo.org/glsa/glsa-200512-11.xmlhttp://www.debian.org/security/2005/dsa-912http://www.osvdb.org/21270http://www.securityfocus.com/bid/15649https://bugs.gentoo.org/show_bug.cgi?id=100519https://exchange.xforce.ibmcloud.com/vulnerabilities/23327http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334089http://secunia.com/advisories/17798http://secunia.com/advisories/17818http://secunia.com/advisories/18081http://security.gentoo.org/glsa/glsa-200512-11.xmlhttp://www.debian.org/security/2005/dsa-912http://www.osvdb.org/21270http://www.securityfocus.com/bid/15649https://bugs.gentoo.org/show_bug.cgi?id=100519https://exchange.xforce.ibmcloud.com/vulnerabilities/23327
2005-11-20
Published