Vulnerabilities > CVE-2005-1545 - Unspecified vulnerability in HT Editor HT Editor

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
ht-editor
nessus
NVD
Published: 2005-05-14
Updated: 2008-09-10

Summary

Integer overflow in the ELF parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted ELF file, which leads to a heap-based buffer overflow.

Vulnerable Configurations

Part Description Count
Application
Ht_Editor
22

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-773.NASL
    descriptionThis advisory adds security support for the stable amd64 distribution. It covers all security updates since the release of sarge, which were missing updated packages for the not yet official amd64 port. Future security advisories will include updates for this port as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id57528
    published2012-01-12
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57528
    titleDebian DSA-773-1 : amd64 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-773. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(57528);
  script_version("1.6");
  script_cvs_date("Date: 2019/08/02 13:32:18");

  script_cve_id("CVE-2005-0392", "CVE-2005-0393", "CVE-2005-0469", "CVE-2005-0753", "CVE-2005-1151", "CVE-2005-1152", "CVE-2005-1174", "CVE-2005-1175", "CVE-2005-1266", "CVE-2005-1269", "CVE-2005-1545", "CVE-2005-1546", "CVE-2005-1686", "CVE-2005-1689", "CVE-2005-1796", "CVE-2005-1848", "CVE-2005-1849", "CVE-2005-1850", "CVE-2005-1851", "CVE-2005-1852", "CVE-2005-1853", "CVE-2005-1858", "CVE-2005-1914", "CVE-2005-1916", "CVE-2005-1922", "CVE-2005-1923", "CVE-2005-1934", "CVE-2005-1992", "CVE-2005-1993", "CVE-2005-2024", "CVE-2005-2040", "CVE-2005-2056", "CVE-2005-2070", "CVE-2005-2096", "CVE-2005-2231", "CVE-2005-2250", "CVE-2005-2277", "CVE-2005-2301", "CVE-2005-2302", "CVE-2005-2370");
  script_xref(name:"DSA", value:"773");

  script_name(english:"Debian DSA-773-1 : amd64 - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This advisory adds security support for the stable amd64 distribution.
It covers all security updates since the release of sarge, which were
missing updated packages for the not yet official amd64 port. Future
security advisories will include updates for this port as well."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2005/dsa-773"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade the affected several package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:several");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/08/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/12");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/28");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.1", prefix:"affix", reference:"2.1.1-2")) flag++;
if (deb_check(release:"3.1", prefix:"centericq", reference:"4.20.0-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"centericq-common", reference:"4.20.0-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"centericq-fribidi", reference:"4.20.0-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"centericq-utf8", reference:"4.20.0-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"clamav", reference:"0.84-2.sarge.1")) flag++;
if (deb_check(release:"3.1", prefix:"clamav-daemon", reference:"0.84-2.sarge.1")) flag++;
if (deb_check(release:"3.1", prefix:"clamav-freshclam", reference:"0.84-2.sarge.1")) flag++;
if (deb_check(release:"3.1", prefix:"clamav-milter", reference:"0.84-2.sarge.1")) flag++;
if (deb_check(release:"3.1", prefix:"crip", reference:"3.5-1sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"cvs", reference:"1.11.1p1debian-11")) flag++;
if (deb_check(release:"3.1", prefix:"dhcpcd", reference:"1.3.22pl4-21sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"ekg", reference:"1.5+20050411-5")) flag++;
if (deb_check(release:"3.1", prefix:"ettercap", reference:"0.7.1-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"ettercap-common", reference:"0.7.1-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"ettercap-gtk", reference:"0.7.1-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"fuse-utils", reference:"2.2.1-4sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"gaim", reference:"1.2.1-1.4")) flag++;
if (deb_check(release:"3.1", prefix:"gaim-dev", reference:"1.2.1-1.4")) flag++;
if (deb_check(release:"3.1", prefix:"gedit", reference:"2.8.3-4sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"gopher", reference:"3.0.7sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"heartbeat", reference:"1.2.3-9sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"heartbeat-dev", reference:"1.2.3-9sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"heimdal-clients", reference:"0.6.3-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"heimdal-clients-x", reference:"0.6.3-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"heimdal-dev", reference:"0.6.3-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"heimdal-kdc", reference:"0.6.3-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"heimdal-servers", reference:"0.6.3-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"heimdal-servers-x", reference:"0.6.3-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"ht", reference:"0.8.0-2sarge4")) flag++;
if (deb_check(release:"3.1", prefix:"krb5-admin-server", reference:"1.3.6-2sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"krb5-clients", reference:"1.3.6-2sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"krb5-ftpd", reference:"1.3.6-2sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"krb5-kdc", reference:"1.3.6-2sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"krb5-rsh-server", reference:"1.3.6-2sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"krb5-telnetd", reference:"1.3.6-2sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"krb5-user", reference:"1.3.6-2sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"libaffix-dev", reference:"2.1.1-2")) flag++;
if (deb_check(release:"3.1", prefix:"libaffix2", reference:"2.1.1-2")) flag++;
if (deb_check(release:"3.1", prefix:"libasn1-6-heimdal", reference:"0.6.3-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"libclamav-dev", reference:"0.84-2.sarge.1")) flag++;
if (deb_check(release:"3.1", prefix:"libclamav1", reference:"0.84-2.sarge.1")) flag++;
if (deb_check(release:"3.1", prefix:"libdbm-ruby1.8", reference:"1.8.2-7sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"libfuse-dev", reference:"2.2.1-4sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"libfuse2", reference:"2.2.1-4sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"libgadu-dev", reference:"1.5+20050411-5")) flag++;
if (deb_check(release:"3.1", prefix:"libgadu3", reference:"1.5+20050411-5")) flag++;
if (deb_check(release:"3.1", prefix:"libgdbm-ruby1.8", reference:"1.8.2-7sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"libgssapi1-heimdal", reference:"0.6.3-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"libhdb7-heimdal", reference:"0.6.3-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"libkadm55", reference:"1.3.6-2sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"libkadm5clnt4-heimdal", reference:"0.6.3-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"libkadm5srv7-heimdal", reference:"0.6.3-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"libkafs0-heimdal", reference:"0.6.3-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"libkrb5-17-heimdal", reference:"0.6.3-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"libkrb5-dev", reference:"1.3.6-2sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"libkrb53", reference:"1.3.6-2sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"libopenssl-ruby1.8", reference:"1.8.2-7sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"libpils-dev", reference:"1.2.3-9sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"libpils0", reference:"1.2.3-9sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"libreadline-ruby1.8", reference:"1.8.2-7sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"libruby1.8", reference:"1.8.2-7sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"libruby1.8-dbg", reference:"1.8.2-7sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"libstonith-dev", reference:"1.2.3-9sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"libstonith0", reference:"1.2.3-9sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"libtcltk-ruby1.8", reference:"1.8.2-7sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"pdns", reference:"2.9.17-13sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"pdns-backend-geo", reference:"2.9.17-13sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"pdns-backend-ldap", reference:"2.9.17-13sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"pdns-backend-mysql", reference:"2.9.17-13sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"pdns-backend-pgsql", reference:"2.9.17-13sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"pdns-backend-pipe", reference:"2.9.17-13sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"pdns-backend-sqlite", reference:"2.9.17-13sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"pdns-recursor", reference:"2.9.17-13sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"pdns-server", reference:"2.9.17-13sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"ppxp", reference:"0.2001080415-10sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"ppxp-dev", reference:"0.2001080415-10sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"ppxp-tcltk", reference:"0.2001080415-10sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"ppxp-x11", reference:"0.2001080415-10sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"qpopper", reference:"4.0.5-4sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"qpopper-drac", reference:"4.0.5-4sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"razor", reference:"2.670-1sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"ruby1.8", reference:"1.8.2-7sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"ruby1.8-dev", reference:"1.8.2-7sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"spamc", reference:"3.0.3-2")) flag++;
if (deb_check(release:"3.1", prefix:"stonith", reference:"1.2.3-9sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"sudo", reference:"1.6.8p7-1.1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"zlib-bin", reference:"1.2.2-4.sarge.2")) flag++;
if (deb_check(release:"3.1", prefix:"zlib1g", reference:"1.2.2-4.sarge.2")) flag++;
if (deb_check(release:"3.1", prefix:"zlib1g-dev", reference:"1.2.2-4.sarge.2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200505-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200505-08 (HT Editor: Multiple buffer overflows) Tavis Ormandy of the Gentoo Linux Security Team discovered an integer overflow in the ELF parser, leading to a heap-based buffer overflow. The vendor has reported that an unrelated buffer overflow has been discovered in the PE parser. Impact : Successful exploitation would require the victim to open a specially crafted file using HT, potentially permitting an attacker to execute arbitrary code. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id18234
    published2005-05-11
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18234
    titleGLSA-200505-08 : HT Editor: Multiple buffer overflows
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200505-08.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(18234);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:42");

  script_cve_id("CVE-2005-1545", "CVE-2005-1546");
  script_xref(name:"GLSA", value:"200505-08");

  script_name(english:"GLSA-200505-08 : HT Editor: Multiple buffer overflows");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200505-08
(HT Editor: Multiple buffer overflows)

    Tavis Ormandy of the Gentoo Linux Security Team discovered an integer
    overflow in the ELF parser, leading to a heap-based buffer overflow.
    The vendor has reported that an unrelated buffer overflow has been
    discovered in the PE parser.
  
Impact :

    Successful exploitation would require the victim to open a specially
    crafted file using HT, potentially permitting an attacker to execute
    arbitrary code.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200505-08"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All hteditor users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=app-editors/hteditor-0.8.0-r2'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:hteditor");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/05/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/05/11");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"app-editors/hteditor", unaffected:make_list("ge 0.8.0-r2"), vulnerable:make_list("lt 0.8.0-r2"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "HT Editor");
}
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-743.NASL
    descriptionSeveral problems have been discovered in ht, a viewer, editor and analyser for various executables, that may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-1545 Tavis Ormandy of the Gentoo Linux Security Team discovered an integer overflow in the ELF parser. - CAN-2005-1546 The authors have discovered a buffer overflow in the PE parser.
    last seen2020-06-01
    modified2020-06-02
    plugin id18651
    published2005-07-08
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18651
    titleDebian DSA-743-1 : ht - buffer overflows, integer overflows

References