Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3899


Vulnerability Score 5.4 5.4
CVE Id CVE-2005-3899
Last Modified 05 Sep 2008 04:55:35
Published 29 Nov 2005 04:03:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE



The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be sent, which consumes large amounts of CPU and memory during the signature verification, aka BenjiBug.

Vulnerable Systems


  • Google Talk


XF - googletalk-automatic-update-dos(23180)

BUGTRAQ - 20051123 Google Talk Denial of Service - BenjiBug

FULLDISC - 20051122 Google Talk Denial of Service - BenjiBug

Last Updated: 27 May 2016 10:41:06