CVE-2005-3492 - FlatFrag 0.3 and earlier allows remote attackers to cause a denial of service (crash) by sending an

CVE-2005-3492

Summary

FlatFrag 0.3 and earlier allows remote attackers to cause a denial of service (crash) by sending an NT_CONN_OK command from a client that is not connected, which triggers a null dereference.

References

http://aluigi.altervista.org/adv/flatfragz-adv.txt
http://marc.info/?l=full-disclosure&m=113096078606274&w=2
http://www.osvdb.org/20770
http://www.securityfocus.com/archive/1/415636/30/0/threaded
http://www.securityfocus.com/bid/15287
http://www.vupen.com/english/advisories/2005/2285

Vulnerable Configurations

cpe:2.3:a:johannes_f._kuhlmann:flatfrag:0.3:*:*:*:*:*:*:*
cpe:2.3:a:johannes_f._kuhlmann:flatfrag:0.3:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 19-10-2018 - 15:36)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	15287
bugtraq	20051102 Buffer-overflow and crash in FlatFrag 0.3
fulldisc	20051102 Buffer-overflow and crash in FlatFrag 0.3
misc	http://aluigi.altervista.org/adv/flatfragz-adv.txt
osvdb	20770
vupen	ADV-2005-2285

Last major update

19-10-2018 - 15:36

Published

04-11-2005 - 00:02

Last modified

19-10-2018 - 15:36