CVE-2005-1928

Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager 2.5 and 3.0, and Damage Cleanup Server 1.1, allows remote attackers to cause a denial of service (CPU consumption) via a flood of crafted packets with a certain "magic value" to port 5005, which also leads to a memory leak.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=25254
http://secunia.com/advisories/18038	Vendor Advisory
http://securityreason.com/securityalert/259
http://securitytracker.com/id?1015358
http://solutionfile.trendmicro.com/SolutionFile/25254/en/Hotfix_Readme_SPNT5_58_B1137.txt
http://www.idefense.com/application/poi/display?id=356&type=vulnerabilities	Vendor Advisory
http://www.osvdb.org/21773
http://www.securityfocus.com/bid/15868
http://www.vupen.com/english/advisories/2005/2907	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:trend_micro:serverprotect_earthagent:5.58:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-12-14 23:03

Updated : 2023-12-10 10:28

NVD link : CVE-2005-1928

Mitre link : CVE-2005-1928

CVE.ORG link : CVE-2005-1928

JSON object : View

Products Affected

trend_micro

serverprotect_earthagent

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2005-1928", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-12-14T23:03:00.000", "references": [{"url": "http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=25254", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18038", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/259", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015358", "source": "cve@mitre.org"}, {"url": "http://solutionfile.trendmicro.com/SolutionFile/25254/en/Hotfix_Readme_SPNT5_58_B1137.txt", "source": "cve@mitre.org"}, {"url": "http://www.idefense.com/application/poi/display?id=356&type=vulnerabilities", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/21773", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/15868", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2005/2907", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager 2.5 and 3.0, and Damage Cleanup Server 1.1, allows remote attackers to cause a denial of service (CPU consumption) via a flood of crafted packets with a certain \"magic value\" to port 5005, which also leads to a memory leak."}], "lastModified": "2011-05-20T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trend_micro:serverprotect_earthagent:5.58:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F06F757-078D-48BC-B44C-8332D9001718"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}