Vulnerabilities > CVE-2005-2993 - Remote Denial Of Service vulnerability in HP-UX FTPD
Attack vector
LOCAL Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up to HP Tru64 UNIX 5.1B-3, and HP-UX B.11.00, B.11.04, B.11.11, and B.11.23, allows remote authenticated users to cause a denial of service (hang).
Vulnerable Configurations
Nessus
NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_33412.NASL description s700_800 11.11 ftpd(1M) and ftp(1) patch : A potential security vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited by a remote unauthorized user to cause ftpd to become unresponsive, leading to a Denial fo Service (DoS). last seen 2020-06-01 modified 2020-06-02 plugin id 20803 published 2006-01-24 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20803 title HP-UX PHNE_33412 : HP-UX Running ftpd Remote Denial of Service (DoS) (HPSBUX02092 SSRT5971 rev.2) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHNE_33412. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(20803); script_version("1.18"); script_cvs_date("Date: 2018/08/10 18:07:07"); script_cve_id("CVE-2005-2993"); script_xref(name:"HP", value:"emr_na-c00592668"); script_xref(name:"HP", value:"HPSBUX02092"); script_xref(name:"HP", value:"SSRT5971"); script_name(english:"HP-UX PHNE_33412 : HP-UX Running ftpd Remote Denial of Service (DoS) (HPSBUX02092 SSRT5971 rev.2)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.11 ftpd(1M) and ftp(1) patch : A potential security vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited by a remote unauthorized user to cause ftpd to become unresponsive, leading to a Denial fo Service (DoS)." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00592668 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?45d34ec8" ); script_set_attribute( attribute:"solution", value:"Install patch PHNE_33412 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/10/17"); script_set_attribute(attribute:"patch_modification_date", value:"2006/02/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/24"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.11")) { exit(0, "The host is not affected since PHNE_33412 applies to a different OS release."); } patches = make_list("PHNE_33412", "PHNE_34544", "PHNE_36129", "PHNE_36192", "PHNE_38458", "PHNE_40774"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.11")) flag++; if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.11")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:hpux_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_33414.NASL description s700_800 11.23 ftpd(1M) and ftp(1) patch : A potential security vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited by a remote unauthorized user to cause ftpd to become unresponsive, leading to a Denial fo Service (DoS). last seen 2020-06-01 modified 2020-06-02 plugin id 20799 published 2006-01-24 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20799 title HP-UX PHNE_33414 : HP-UX Running ftpd Remote Denial of Service (DoS) (HPSBUX02092 SSRT5971 rev.2) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHNE_33414. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(20799); script_version("1.22"); script_cvs_date("Date: 2018/08/10 18:07:07"); script_cve_id("CVE-2005-2993"); script_xref(name:"HP", value:"emr_na-c00592668"); script_xref(name:"HP", value:"HPSBUX02092"); script_xref(name:"HP", value:"SSRT5971"); script_name(english:"HP-UX PHNE_33414 : HP-UX Running ftpd Remote Denial of Service (DoS) (HPSBUX02092 SSRT5971 rev.2)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.23 ftpd(1M) and ftp(1) patch : A potential security vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited by a remote unauthorized user to cause ftpd to become unresponsive, leading to a Denial fo Service (DoS)." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00592668 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?45d34ec8" ); script_set_attribute( attribute:"solution", value:"Install patch PHNE_33414 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/10/31"); script_set_attribute(attribute:"patch_modification_date", value:"2006/02/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/24"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.23")) { exit(0, "The host is not affected since PHNE_33414 applies to a different OS release."); } patches = make_list("PHNE_33414", "PHNE_34306", "PHNE_34698", "PHNE_36065", "PHNE_36193", "PHNE_38578", "PHNE_38916", "PHNE_40380", "PHNE_41248", "PHNE_41581", "PHNE_42661"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.23")) flag++; if (hpux_check_patch(app:"InternetSrvcs.INETSVCS2-RUN", version:"B.11.23")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:hpux_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_33406.NASL description s700_800 11.00 ftpd(1M) and ftp(1) patch : A potential security vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited by a remote unauthorized user to cause ftpd to become unresponsive, leading to a Denial fo Service (DoS). last seen 2020-06-01 modified 2020-06-02 plugin id 20801 published 2006-01-24 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20801 title HP-UX PHNE_33406 : HP-UX Running ftpd Remote Denial of Service (DoS) (HPSBUX02092 SSRT5971 rev.2) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHNE_33406. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(20801); script_version("1.15"); script_cvs_date("Date: 2018/08/10 18:07:07"); script_cve_id("CVE-2005-2993"); script_xref(name:"HP", value:"emr_na-c00592668"); script_xref(name:"HP", value:"HPSBUX02092"); script_xref(name:"HP", value:"SSRT5971"); script_name(english:"HP-UX PHNE_33406 : HP-UX Running ftpd Remote Denial of Service (DoS) (HPSBUX02092 SSRT5971 rev.2)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.00 ftpd(1M) and ftp(1) patch : A potential security vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited by a remote unauthorized user to cause ftpd to become unresponsive, leading to a Denial fo Service (DoS)." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00592668 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?45d34ec8" ); script_set_attribute( attribute:"solution", value:"Install patch PHNE_33406 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/08/05"); script_set_attribute(attribute:"patch_modification_date", value:"2006/02/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/24"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.00")) { exit(0, "The host is not affected since PHNE_33406 applies to a different OS release."); } patches = make_list("PHNE_33406", "PHNE_34543"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.00")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:hpux_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_34077.NASL description s700_800 11.04 (VVOS) ftpd(1M) and ftp(1) patch : A potential security vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited by a remote unauthorized user to cause ftpd to become unresponsive, leading to a Denial fo Service (DoS). last seen 2020-06-01 modified 2020-06-02 plugin id 20800 published 2006-01-24 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20800 title HP-UX PHNE_34077 : HP-UX Running ftpd Remote Denial of Service (DoS) (HPSBUX02092 SSRT5971 rev.2) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHNE_34077. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(20800); script_version("1.13"); script_cvs_date("Date: 2018/08/10 18:07:07"); script_cve_id("CVE-2005-2993"); script_xref(name:"HP", value:"emr_na-c00592668"); script_xref(name:"HP", value:"HPSBUX02092"); script_xref(name:"HP", value:"SSRT5971"); script_name(english:"HP-UX PHNE_34077 : HP-UX Running ftpd Remote Denial of Service (DoS) (HPSBUX02092 SSRT5971 rev.2)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.04 (VVOS) ftpd(1M) and ftp(1) patch : A potential security vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited by a remote unauthorized user to cause ftpd to become unresponsive, leading to a Denial fo Service (DoS)." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00592668 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?45d34ec8" ); script_set_attribute( attribute:"solution", value:"Install patch PHNE_34077 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/11/22"); script_set_attribute(attribute:"patch_modification_date", value:"2006/02/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/24"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.04")) { exit(0, "The host is not affected since PHNE_34077 applies to a different OS release."); } patches = make_list("PHNE_34077"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.04")) flag++; if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.04")) flag++; if (hpux_check_patch(app:"VirtualVaultOS.VVOS-AUX-IA", version:"B.11.04")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:hpux_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Oval
accepted | 2014-03-24T04:01:45.386-04:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
description | Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up to HP Tru64 UNIX 5.1B-3, and HP-UX B.11.00, B.11.04, B.11.11, and B.11.23, allows remote authenticated users to cause a denial of service (hang). | ||||||||||||
family | unix | ||||||||||||
id | oval:org.mitre.oval:def:5709 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2008-07-08T17:01:37.000-04:00 | ||||||||||||
title | HP-UX Running ftpd Remote Denial of Service (DoS) | ||||||||||||
version | 41 |
References
- http://secunia.com/advisories/18543
- http://secunia.com/advisories/18569
- http://securityreason.com/securityalert/360
- http://securitytracker.com/id?1015506
- http://support.avaya.com/elmodocs2/security/ASA-2006-018.htm
- http://www.securityfocus.com/archive/1/422391/100/0/threaded
- http://www.securityfocus.com/bid/16316
- http://www.vupen.com/english/advisories/2005/1801
- http://www.vupen.com/english/advisories/2006/0264
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01227
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5709