Vulnerabilities > CVE-2005-2904 - Remote Denial Of Service vulnerability in Zebedee 2.4.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Zebedee 2.4.1, when "allowed redirection port" is not set, allows remote attackers to cause a denial of service (application crash) via a zero in the port number of the protocol option header, which triggers an assert error in the makeConnection function in zebedee.c.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Zebedee 2.4.1 Remote Denial Of Service Vulnerability. CVE-2005-2904 . Dos exploit for linux platform |
id | EDB-ID:26249 |
last seen | 2016-02-03 |
modified | 2005-09-09 |
published | 2005-09-09 |
reporter | Shiraishi.M |
source | https://www.exploit-db.com/download/26249/ |
title | Zebedee 2.4.1 - Remote Denial of Service Vulnerability |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200509-14.NASL description The remote host is affected by the vulnerability described in GLSA-200509-14 (Zebedee: Denial of Service vulnerability) last seen 2020-06-01 modified 2020-06-02 plugin id 19813 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19813 title GLSA-200509-14 : Zebedee: Denial of Service vulnerability code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200509-14. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(19813); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:42"); script_cve_id("CVE-2005-2904"); script_bugtraq_id(14796); script_xref(name:"GLSA", value:"200509-14"); script_name(english:"GLSA-200509-14 : Zebedee: Denial of Service vulnerability"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200509-14 (Zebedee: Denial of Service vulnerability) 'Shiraishi.M' reported that Zebedee crashes when '0' is received as the port number in the protocol option header. Impact : By performing malformed requests a remote attacker could cause Zebedee to crash. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200509-14" ); script_set_attribute( attribute:"solution", value: "All Zebedee users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose net-misc/zebedee" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:zebedee"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/09/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-misc/zebedee", unaffected:make_list("rge 2.4.1-r1", "ge 2.5.3"), vulnerable:make_list("lt 2.5.3"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Zebedee"); }
NASL family Denial of Service NASL id ZEBEDEE_PORT0_DOS.NASL description The version of Zebedee installed on the remote host will crash if it receives a request for a connection with a destination port of 0. By exploiting this flaw, an attacker could cause the affected application to fail to respond to further requests. last seen 2020-06-01 modified 2020-06-02 plugin id 19606 published 2005-09-10 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19606 title Zebedee Malformed Protocol Option Header Port 0 Remote DoS