Vulnerabilities > CVE-2006-2555 - Remote Buffer Overflow and Denial Of Service vulnerability in Genecys

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

genecys

exploit available

NVD

Published: 2006-05-24

Updated: 2018-10-18

Summary

The parse_command function in Genecys 0.2 and earlier allows remote attackers to cause a denial of service (crash) via a command with a missing ":" (colon) separator, which triggers a null dereference.

Vulnerable Configurations

Part	Description	Count
Application	Genecys Genecys Genecys *	1

Exploit-Db

description	Genecys. CVE-2006-2554,CVE-2006-2555. Dos exploit for windows platform
id	EDB-ID:1783
last seen	2016-01-31
modified	2006-05-14
published	2006-05-14
reporter	Luigi Auriemma
source	https://www.exploit-db.com/download/1783/
title	Genecys <= 0.2 - BoF/NULL pointer Denial of Service Exploit

References

http://aluigi.altervista.org/adv/genecysbof-adv.txt
http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046015.html
http://secunia.com/advisories/20099
http://securityreason.com/securityalert/944
http://www.osvdb.org/25482
http://www.securityfocus.com/archive/1/433929/30/5010/threaded
http://www.securityfocus.com/bid/17969
http://www.vupen.com/english/advisories/2006/1815
https://exchange.xforce.ibmcloud.com/vulnerabilities/26523