CVE-2008-5106 - Vulnerability Details - OpenCVE

Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to an arbitrary command, which triggers the overflow when the SamyFtp.binlog log file is viewed in the management console. NOTE: this may overlap CVE-2006-0441 and CVE-2006-2212.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.62069.

Key SSVC decision points have not yet been added.

Vendors	Products
Karjasoft	Sami Ftp Server

Configuration 1 [-]

OR	cpe:2.3:a:karjasoft:sami_ftp_server:2.0.0:::::::*
	cpe:2.3:a:karjasoft:sami_ftp_server:2.0.1:::::::*
	cpe:2.3:a:karjasoft:sami_ftp_server:2.0.2:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2008-5085	Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to an arbitrary command, which triggers the overflow when the SamyFtp.binlog log file is viewed in the management console. NOTE: this may overlap CVE-2006-0441 and CVE-2006-2212.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://securityreason.com/securityalert/4603
http://www.securityfocus.com/archive/1/488198/100/200/threaded
http://www.securityfocus.com/bid/27817

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-11-17T18:00:00

Updated: 2024-08-07T10:40:17.177Z

Reserved: 2008-11-17T00:00:00

Link: CVE-2008-5106

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-11-17T18:18:48.093

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-5106

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-02-15T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to an arbitrary command, which triggers the overflow when the SamyFtp.binlog log file is viewed in the management console. NOTE: this may overlap CVE-2006-0441 and CVE-2006-2212."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20080215 Sami FTP Server 2.0.* Multiple Remote Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/488198/100/200/threaded"}, {"name": "27817", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27817"}, {"name": "4603", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4603"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5106", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to an arbitrary command, which triggers the overflow when the SamyFtp.binlog log file is viewed in the management console. NOTE: this may overlap CVE-2006-0441 and CVE-2006-2212."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20080215 Sami FTP Server 2.0.* Multiple Remote Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/488198/100/200/threaded"}, {"name": "27817", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27817"}, {"name": "4603", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4603"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:40:17.177Z"}, "title": "CVE Program Container", "references": [{"name": "20080215 Sami FTP Server 2.0.* Multiple Remote Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/488198/100/200/threaded"}, {"name": "27817", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27817"}, {"name": "4603", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4603"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5106", "datePublished": "2008-11-17T18:00:00", "dateReserved": "2008-11-17T00:00:00", "dateUpdated": "2024-08-07T10:40:17.177Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:karjasoft:sami_ftp_server:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "218CACF2-A382-4483-9319-889B9E2FB208", "vulnerable": true}, {"criteria": "cpe:2.3:a:karjasoft:sami_ftp_server:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE91DCB5-8314-473B-A8D0-06B53B02FC51", "vulnerable": true}, {"criteria": "cpe:2.3:a:karjasoft:sami_ftp_server:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "075B214B-CFFE-408E-B341-FF9C5B43A51E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to an arbitrary command, which triggers the overflow when the SamyFtp.binlog log file is viewed in the management console. NOTE: this may overlap CVE-2006-0441 and CVE-2006-2212."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en KarjaSoft Sami FTP Server 2.0.x permte a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un argumento largo de un comando de su elecci\u00f3n, lo cual dispara el desbordamiento cuando el fichero log SamyFtp.binlog se ve en la consola de gesti\u00f3n.\r\nNOTA: este CVE puede solaparse con CVE-2006-0441 y CVE-2006-2212."}], "id": "CVE-2008-5106", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-11-17T18:18:48.093", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4603"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/488198/100/200/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27817"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4603"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/488198/100/200/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27817"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}