Back to search
CVE-2005-1666
Published: May 18, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via long arguments to FTP commands such as MKD, RMD, or DELE, which are processed by the (1) ftp_xlate_path, (2) ftp_is_canonical, or (3) os_fn_nativize functions, or (4) a long SSI command that is processed by the parse_cmd function in cgissi.exe.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
16165
vdb-entry
x_refsource_OSVDB
1013923
vdb-entry
x_refsource_SECTRACK
16166
vdb-entry
x_refsource_OSVDB
http://www.securiteam.com/windowsntfocus/5FP0H00FPS.html
x_refsource_MISC
orenosv-http-ftp-commands-bo(20510)
vdb-entry
x_refsource_XF
13546
vdb-entry
x_refsource_BID
13549
vdb-entry
x_refsource_BID
http://www.security.org.sg/vuln/orenosv081.html
x_refsource_MISC
ADV-2005-0499
vdb-entry
x_refsource_VUPEN
http://hp.vector.co.jp/authors/VA027031/orenosv/index_en.html
x_refsource_CONFIRM
orenosv-http-ftp-cgissi-bo(20512)
vdb-entry
x_refsource_XF
15302
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now