Vulnerabilites related to symantec - antivirus_scan_engine_for_network_attached_storage
Vulnerability from fkie_nvd
Published
2005-10-05 19:02
Modified
2025-04-03 01:03
Severity ?
Summary
Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | antivirus_scan_engine | 4.0 | |
| symantec | antivirus_scan_engine | 4.0 | |
| symantec | antivirus_scan_engine | 4.0 | |
| symantec | antivirus_scan_engine | 4.0 | |
| symantec | antivirus_scan_engine | 4.0 | |
| symantec | antivirus_scan_engine | 4.3 | |
| symantec | antivirus_scan_engine | 4.3 | |
| symantec | antivirus_scan_engine | 4.3 | |
| symantec | antivirus_scan_engine | 4.3 | |
| symantec | antivirus_scan_engine_for_network_attached_storage | 4.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2AD14C-2BD2-4658-BDB0-232A9E26EA2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:bluecoat:*:*:*:*:*",
"matchCriteriaId": "11EDDA59-F819-4EB8-99EB-9CD3F4A17355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:clearswift:*:*:*:*:*",
"matchCriteriaId": "1E739083-DFC2-4A89-9F84-E067E127D420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:netapp_filer:*:*:*:*:*",
"matchCriteriaId": "33090505-58E7-42AB-8726-FACF2C93248A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:netapp_netcache:*:*:*:*:*",
"matchCriteriaId": "8489A23E-AB16-418C-B64A-8F68FB2A5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F11687CE-E997-4D26-ACAE-B9175348ADDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:caching:*:*:*:*:*",
"matchCriteriaId": "2F90AD67-02CB-4006-B567-631FD633DB17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:clearswift:*:*:*:*:*",
"matchCriteriaId": "BC0F87D0-E4B5-41FC-8050-386B9CE04249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:microsoft_sharepoint:*:*:*:*:*",
"matchCriteriaId": "FBBFF303-3DD6-4312-94CD-37E5170A93AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine_for_network_attached_storage:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "79B7D063-0862-452E-AE9E-208A9E9297DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow."
}
],
"id": "CVE-2005-2758",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-05T19:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17049"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/48"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015001"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=314\u0026type=vulnerabilities"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/849209"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/19854"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15001"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2005.10.04.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/1954"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=314\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/849209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/19854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2005.10.04.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/1954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22519"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2005-2758 (GCVE-0-2005-2758)
Vulnerability from cvelistv5
Published
2005-10-05 04:00
Modified
2024-08-07 22:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/22519 | vdb-entry, x_refsource_XF | |
| http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.securityfocus.com/bid/15001 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/849209 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.osvdb.org/19854 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2005/1954 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/17049 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1015001 | vdb-entry, x_refsource_SECTRACK | |
| http://www.symantec.com/avcenter/security/Content/2005.10.04.html | x_refsource_CONFIRM | |
| http://securityreason.com/securityalert/48 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "symantec-scanengine-admin-bo(22519)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22519"
},
{
"name": "20051004 Symantec AntiVirus Scan Engine Web Service Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=314\u0026type=vulnerabilities"
},
{
"name": "15001",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15001"
},
{
"name": "VU#849209",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/849209"
},
{
"name": "19854",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19854"
},
{
"name": "ADV-2005-1954",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/1954"
},
{
"name": "17049",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17049"
},
{
"name": "1015001",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015001"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2005.10.04.html"
},
{
"name": "48",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/48"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "symantec-scanengine-admin-bo(22519)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22519"
},
{
"name": "20051004 Symantec AntiVirus Scan Engine Web Service Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=314\u0026type=vulnerabilities"
},
{
"name": "15001",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15001"
},
{
"name": "VU#849209",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/849209"
},
{
"name": "19854",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19854"
},
{
"name": "ADV-2005-1954",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/1954"
},
{
"name": "17049",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17049"
},
{
"name": "1015001",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015001"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2005.10.04.html"
},
{
"name": "48",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/48"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "symantec-scanengine-admin-bo(22519)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22519"
},
{
"name": "20051004 Symantec AntiVirus Scan Engine Web Service Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=314\u0026type=vulnerabilities"
},
{
"name": "15001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15001"
},
{
"name": "VU#849209",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/849209"
},
{
"name": "19854",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19854"
},
{
"name": "ADV-2005-1954",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1954"
},
{
"name": "17049",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17049"
},
{
"name": "1015001",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015001"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2005.10.04.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2005.10.04.html"
},
{
"name": "48",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/48"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2758",
"datePublished": "2005-10-05T04:00:00",
"dateReserved": "2005-08-31T00:00:00",
"dateUpdated": "2024-08-07T22:45:02.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}