BNBT Easy Tracker client.cpp script denial of service
| bnbteasytracker-client-dos (22058) |  Low Risk |
Description:
BNBT Easy Tracker is vulnerable to a denial of service attack. A remote attacker can send a specially-crafted HTTP request to the client.cpp file in the //grab headers section to cause the BNBT server to stop responding to requests.
Platforms Affected:
- BNBT Easy Tracker, BNBT Easy Tracker 7.7r32004.10.27 & pr
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Denial of Service
References:
- BNBT Easy Tracker Web site, BNBT Easy Tracker | by Trinity of ZionMatrix at http://bnbteasytracker.sourceforge.net/.
- Full-Disclosure Mailing List, Mon Aug 29 2005 - 22:11:42 CDT, BNBT EasyTracker Remote Denial of Service Vulnerability at http://archives.neohapsis.com/archives/fulldisclosure/2005-08/1003.html.
- BID-14700: BNBT EasyTracker Remote Denial Of Service Vulnerability
- CVE-2005-2806: client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows remote attackers cause a denial of service (application hang) via an HTTP header containing only a : (colon), possibly leading to an integer signedness error due to a missing field name or value.
- SA16613: BNBT EasyTracker Denial of Service Vulnerability
Reported:
Aug 29, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net