cvelistv5 - cve-2008-0177

CVE-2008-0177 (GCVE-0-2008-0177)

Vulnerability from cvelistv5

Published

2008-02-07 21:00

Modified

2024-08-07 07:39

Severity ?

CWE

Summary

The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header.

References

URL

Tags

cret@cert.org	http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u&only_with_tag=netbsd-3-1	Vendor Advisory
cret@cert.org	http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html
cret@cert.org	http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
cret@cert.org	http://secunia.com/advisories/28788	Patch, Vendor Advisory
cret@cert.org	http://secunia.com/advisories/28816	Vendor Advisory
cret@cert.org	http://secunia.com/advisories/28979
cret@cert.org	http://secunia.com/advisories/29130
cret@cert.org	http://secunia.com/advisories/30430
cret@cert.org	http://secunia.com/advisories/31074
cret@cert.org	http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc
cret@cert.org	http://securitytracker.com/id?1019314
cret@cert.org	http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36%3Br2=1.37
cret@cert.org	http://www.kb.cert.org/vuls/id/110947	US Government Resource
cret@cert.org	http://www.securityfocus.com/bid/27642	Patch
cret@cert.org	http://www.us-cert.gov/cas/techalerts/TA08-150A.html	US Government Resource
cret@cert.org	http://www.vupen.com/english/advisories/2008/0441
cret@cert.org	http://www.vupen.com/english/advisories/2008/0688
cret@cert.org	http://www.vupen.com/english/advisories/2008/1697
cret@cert.org	http://www.vupen.com/english/advisories/2008/2094/references
cret@cert.org	https://www.exploit-db.com/exploits/5191
af854a3a-2127-422b-91ae-364da2661108	http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u&only_with_tag=netbsd-3-1	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28788	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28816	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28979
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29130
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30430
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31074
af854a3a-2127-422b-91ae-364da2661108	http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1019314
af854a3a-2127-422b-91ae-364da2661108	http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36%3Br2=1.37
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/110947	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27642	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-150A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0441
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0688
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1697
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2094/references
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/5191

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:39:35.072Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28816",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28816"
          },
          {
            "name": "ADV-2008-0688",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0688"
          },
          {
            "name": "ADV-2008-0441",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0441"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u\u0026only_with_tag=netbsd-3-1"
          },
          {
            "name": "27642",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27642"
          },
          {
            "name": "28788",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28788"
          },
          {
            "name": "FreeBSD-SA-08:04",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc"
          },
          {
            "name": "TA08-150A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
          },
          {
            "name": "29130",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29130"
          },
          {
            "name": "28979",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28979"
          },
          {
            "name": "30430",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30430"
          },
          {
            "name": "APPLE-SA-2008-05-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36%3Br2=1.37"
          },
          {
            "name": "APPLE-SA-2008-07-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
          },
          {
            "name": "ADV-2008-2094",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2094/references"
          },
          {
            "name": "ADV-2008-1697",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1697"
          },
          {
            "name": "1019314",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019314"
          },
          {
            "name": "VU#110947",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/110947"
          },
          {
            "name": "31074",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31074"
          },
          {
            "name": "5191",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5191"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "28816",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28816"
        },
        {
          "name": "ADV-2008-0688",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0688"
        },
        {
          "name": "ADV-2008-0441",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0441"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u\u0026only_with_tag=netbsd-3-1"
        },
        {
          "name": "27642",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27642"
        },
        {
          "name": "28788",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28788"
        },
        {
          "name": "FreeBSD-SA-08:04",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc"
        },
        {
          "name": "TA08-150A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
        },
        {
          "name": "29130",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29130"
        },
        {
          "name": "28979",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28979"
        },
        {
          "name": "30430",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30430"
        },
        {
          "name": "APPLE-SA-2008-05-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36%3Br2=1.37"
        },
        {
          "name": "APPLE-SA-2008-07-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
        },
        {
          "name": "ADV-2008-2094",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2094/references"
        },
        {
          "name": "ADV-2008-1697",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1697"
        },
        {
          "name": "1019314",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019314"
        },
        {
          "name": "VU#110947",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/110947"
        },
        {
          "name": "31074",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31074"
        },
        {
          "name": "5191",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/5191"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2008-0177",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28816",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28816"
            },
            {
              "name": "ADV-2008-0688",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0688"
            },
            {
              "name": "ADV-2008-0441",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0441"
            },
            {
              "name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u\u0026only_with_tag=netbsd-3-1",
              "refsource": "CONFIRM",
              "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u\u0026only_with_tag=netbsd-3-1"
            },
            {
              "name": "27642",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27642"
            },
            {
              "name": "28788",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28788"
            },
            {
              "name": "FreeBSD-SA-08:04",
              "refsource": "FREEBSD",
              "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc"
            },
            {
              "name": "TA08-150A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
            },
            {
              "name": "29130",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29130"
            },
            {
              "name": "28979",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28979"
            },
            {
              "name": "30430",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30430"
            },
            {
              "name": "APPLE-SA-2008-05-28",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
            },
            {
              "name": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37",
              "refsource": "CONFIRM",
              "url": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37"
            },
            {
              "name": "APPLE-SA-2008-07-11",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
            },
            {
              "name": "ADV-2008-2094",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2094/references"
            },
            {
              "name": "ADV-2008-1697",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1697"
            },
            {
              "name": "1019314",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019314"
            },
            {
              "name": "VU#110947",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/110947"
            },
            {
              "name": "31074",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31074"
            },
            {
              "name": "5191",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/5191"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2008-0177",
    "datePublished": "2008-02-07T21:00:00",
    "dateReserved": "2008-01-09T00:00:00",
    "dateUpdated": "2024-08-07T07:39:35.072Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0177\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2008-02-07T22:00:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n ipcomp6_input en sys/netinet6/ipcomp_input.c en el Proyecto KAME antes del 2007-12-01 no comprueba correctamente el valor de retorno de la funci\u00f3n m_pulldown, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del sistema) mediante un paquete IPv6 con cabecera IPComp.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kame:ipcomp:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2434FDC-4269-4FEC-9627-8743C8A5D7A1\"}]}]}],\"references\":[{\"url\":\"http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u\u0026only_with_tag=netbsd-3-1\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008//May/msg00001.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://secunia.com/advisories/28788\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28816\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28979\",\"source\":\"cret@cert.org\"},{\"url\":\"http://secunia.com/advisories/29130\",\"source\":\"cret@cert.org\"},{\"url\":\"http://secunia.com/advisories/30430\",\"source\":\"cret@cert.org\"},{\"url\":\"http://secunia.com/advisories/31074\",\"source\":\"cret@cert.org\"},{\"url\":\"http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc\",\"source\":\"cret@cert.org\"},{\"url\":\"http://securitytracker.com/id?1019314\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36%3Br2=1.37\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/110947\",\"source\":\"cret@cert.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/27642\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-150A.html\",\"source\":\"cret@cert.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0441\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0688\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1697\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2094/references\",\"source\":\"cret@cert.org\"},{\"url\":\"https://www.exploit-db.com/exploits/5191\",\"source\":\"cret@cert.org\"},{\"url\":\"http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u\u0026only_with_tag=netbsd-3-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008//May/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28788\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28816\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28979\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29130\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30430\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31074\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1019314\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36%3Br2=1.37\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/110947\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/27642\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-150A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0441\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0688\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1697\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2094/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/5191\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2008-AVI-056

Vulnerability from certfr_avis

Une vulnérabilité a été identifiée dans la mise en œuvre d'IPv6 par le projet KAME. L'exploitation de celle-ci permet à une personne distante malveillante de perturber le fonctionnement du système via un paquet spécialement construit.

Description

Une vulnérabilité a été identifiée dans la mise en œuvre d'IPv6 par le projet KAME. La pile ne manipulerait pas correctement les trames utilisant l'en-tête IPComp dans le fichier ipcomp_input.c. Celui-ci est défini par le standard RFC 3173 et précise un protocole de compression sans perte des données dans un datagramme IP.

L'exploitation de cette vulnérabilité permet à une personne distante malveillante de perturber le fonctionnement du système via un paquet spécialement construit.

Plusieurs systèmes s'appuient sur la mise en œuvre du projet KAME.

Solution

Se référer au bulletins de sécurités des éditeurs pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Tous les systèmes mettant en œuvre la pile protocolaire IPv6 du projet KAME.

References

Title

Publication Time

Tags

Note de vulnérabilité VU110947 de l'US-CERT du 06 février 2008	None	vendor-advisory
Bulletin de sécurité FreeBSD-SA-08:04.ipsec.asc :	-	other
Standard IETF RFC 3173, "IP Payload Compression Protocol (IPComp)", septembre 2001 :	-	other
Aperçu du projet KAME concernant la mise en œuvre IPv6 :	-	other
Correctif de NetBSD concernant la vulnérabilité ipcomp_input.c :	-	other
Note de vulnérabilité de l'US-CERT VU#110947 du 06 février 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tous les syst\u00e8mes mettant en \u0153uvre la pile protocolaire IPv6 du projet KAME.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans la mise en \u0153uvre d\u0027IPv6 par le\nprojet KAME. La pile ne manipulerait pas correctement les trames\nutilisant l\u0027en-t\u00eate IPComp dans le fichier ipcomp_input.c. Celui-ci est\nd\u00e9fini par le standard RFC 3173 et pr\u00e9cise un protocole de compression\nsans perte des donn\u00e9es dans un datagramme IP.\n\nL\u0027exploitation de cette vuln\u00e9rabilit\u00e9 permet \u00e0 une personne distante\nmalveillante de perturber le fonctionnement du syst\u00e8me via un paquet\nsp\u00e9cialement construit.\n\nPlusieurs syst\u00e8mes s\u0027appuient sur la mise en \u0153uvre du projet KAME.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletins de s\u00e9curit\u00e9s des \u00e9diteurs pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0177"
    }
  ],
  "initial_release_date": "2008-02-07T00:00:00",
  "last_revision_date": "2008-02-14T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD-SA-08:04.ipsec.asc :",
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc"
    },
    {
      "title": "Standard IETF RFC 3173, \"IP Payload Compression Protocol    (IPComp)\", septembre 2001 :",
      "url": "http://www.ietf.org/rfc/rfc3173.txt"
    },
    {
      "title": "Aper\u00e7u du projet KAME concernant la mise en \u0153uvre IPv6 :",
      "url": "http://www.kame.net/project-overview.html"
    },
    {
      "title": "Correctif de NetBSD concernant la vuln\u00e9rabilit\u00e9    ipcomp_input.c :",
      "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u\u0026only_with_tag=netbsd-3-1"
    },
    {
      "title": "Note de vuln\u00e9rabilit\u00e9 de l\u0027US-CERT VU#110947 du 06 f\u00e9vrier    2008 :",
      "url": "http://www.kb.cert.org/vuls/id/110947"
    }
  ],
  "reference": "CERTA-2008-AVI-056",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-02-07T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de FreeBSD.",
      "revision_date": "2008-02-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans la mise en \u0153uvre d\u0027IPv6 par le\nprojet KAME. L\u0027exploitation de celle-ci permet \u00e0 une personne distante\nmalveillante de perturber le fonctionnement du syst\u00e8me via un paquet\nsp\u00e9cialement construit.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans la pile IPv6 du projet KAME",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Note de vuln\u00e9rabilit\u00e9 VU110947 de l\u0027US-CERT du 06 f\u00e9vrier 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-278

Vulnerability from certfr_avis

Plusieurs vulnérabilités concernant le système d'exploitation Apple Mac OS X ont été identifiées. L'exploitation de ces dernières peut avoir plusieurs conséquences, dont des exécutions de codes arbitraires à distance.

Description

Plusieurs vulnérabilités concernant le système d'exploitation Apple Mac OS X ont été identifiées :

le serveur AFP (Apple Filing Protocol) ne vérifie pas correctement la cohérence d'accès entre répertoires et fichiers.
le serveur Apache est mis à jour en 2.0.63 pour les versions Mac OS X Server v10.4.x ; nouvelle version qui corrige des vulnérabilités permettant des attaques par injection de code indirecte ;
l'impression d'un document PDF spécialement construit par ATS peut provoquer l'exécution de code arbitraire ;
l'impression de documents via CUPS à destination d'une imprimante peut permettre sous certaines conditions de récupérer des informations sensibles, y compris si une protection par mot de passe est déployée ;
des vulnérabilités dans le module Flash Player sont corrigées (cf. CERTA-2008-AVI-197) ;
les vulnérabilités détaillées dans l'alerte CERTA-2008-ALE-007 concernant iCal sont corrigées ;
etc.

Solution

Se référer au bulletin de sécurité Apple pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Apple Mac 0S X versions v10.4.x.
	Apple	N/A	Apple Mac OS X version v10.5.x ;

References

Title

Publication Time

Tags

Mises à jour de sécurité Apple 2008-003 du 28 mai 2008	None	vendor-advisory
Alerte CERTA-2008-ALE-007, « Multiples vulnérabilités dans Apple Ical », du 23 mai 2008 :	-	other
Détails de la mise à jour de sécurité 2008-003 / Mac OS X 10.5.3 :	-	other
Bulletin de sécurité Apple 106704 du 28 mai 2008 :	-	other
Tableau récapitulatif des mises à jour de sécurité pour Mac OS X :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple Mac 0S X versions v10.4.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X version v10.5.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s concernant le syst\u00e8me d\u0027exploitation Apple Mac\nOS X ont \u00e9t\u00e9 identifi\u00e9es :\n\n-   le serveur AFP (Apple Filing Protocol) ne v\u00e9rifie pas correctement\n    la coh\u00e9rence d\u0027acc\u00e8s entre r\u00e9pertoires et fichiers.\n-   le serveur Apache est mis \u00e0 jour en 2.0.63 pour les versions Mac OS\n    X Server v10.4.x ; nouvelle version qui corrige des vuln\u00e9rabilit\u00e9s\n    permettant des attaques par injection de code indirecte ;\n-   l\u0027impression d\u0027un document PDF sp\u00e9cialement construit par ATS peut\n    provoquer l\u0027ex\u00e9cution de code arbitraire ;\n-   l\u0027impression de documents via CUPS \u00e0 destination d\u0027une imprimante\n    peut permettre sous certaines conditions de r\u00e9cup\u00e9rer des\n    informations sensibles, y compris si une protection par mot de passe\n    est d\u00e9ploy\u00e9e ;\n-   des vuln\u00e9rabilit\u00e9s dans le module Flash Player sont corrig\u00e9es (cf.\n    CERTA-2008-AVI-197) ;\n-   les vuln\u00e9rabilit\u00e9s d\u00e9taill\u00e9es dans l\u0027alerte CERTA-2008-ALE-007\n    concernant iCal sont corrig\u00e9es ;\n-   etc.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Apple pour l\u0027obtention des correctifs\n(cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1574"
    },
    {
      "name": "CVE-2008-1032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1032"
    },
    {
      "name": "CVE-2007-3847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
    },
    {
      "name": "CVE-2008-1572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1572"
    },
    {
      "name": "CVE-2008-1655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1655"
    },
    {
      "name": "CVE-2006-3747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3747"
    },
    {
      "name": "CVE-2007-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
    },
    {
      "name": "CVE-2008-1575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1575"
    },
    {
      "name": "CVE-2008-1031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1031"
    },
    {
      "name": "CVE-2008-1571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1571"
    },
    {
      "name": "CVE-2008-1027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1027"
    },
    {
      "name": "CVE-2008-1577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1577"
    },
    {
      "name": "CVE-2008-1576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1576"
    },
    {
      "name": "CVE-2008-1035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1035"
    },
    {
      "name": "CVE-2007-6612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6612"
    },
    {
      "name": "CVE-2005-3357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3357"
    },
    {
      "name": "CVE-2008-1573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1573"
    },
    {
      "name": "CVE-2008-1036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1036"
    },
    {
      "name": "CVE-2008-1028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1028"
    },
    {
      "name": "CVE-2007-5267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5267"
    },
    {
      "name": "CVE-2007-5268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5268"
    },
    {
      "name": "CVE-2008-1033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1033"
    },
    {
      "name": "CVE-2007-6019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6019"
    },
    {
      "name": "CVE-2007-5275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5275"
    },
    {
      "name": "CVE-2008-1030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1030"
    },
    {
      "name": "CVE-2008-1578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1578"
    },
    {
      "name": "CVE-2008-1034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1034"
    },
    {
      "name": "CVE-2007-5269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5269"
    },
    {
      "name": "CVE-2008-0177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0177"
    },
    {
      "name": "CVE-2007-6243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6243"
    },
    {
      "name": "CVE-2008-1579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1579"
    },
    {
      "name": "CVE-2008-1580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1580"
    },
    {
      "name": "CVE-2007-6359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6359"
    },
    {
      "name": "CVE-2008-1654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1654"
    },
    {
      "name": "CVE-2005-3352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3352"
    },
    {
      "name": "CVE-2007-0071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0071"
    },
    {
      "name": "CVE-2007-4465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
    },
    {
      "name": "CVE-2007-6388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
    },
    {
      "name": "CVE-2007-1863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1863"
    }
  ],
  "initial_release_date": "2008-05-29T00:00:00",
  "last_revision_date": "2008-05-29T00:00:00",
  "links": [
    {
      "title": "Alerte CERTA-2008-ALE-007, \u00ab Multiples vuln\u00e9rabilit\u00e9s dans    Apple Ical \u00bb, du 23 mai 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-ALE-007/"
    },
    {
      "title": "D\u00e9tails de la mise \u00e0 jour de s\u00e9curit\u00e9 2008-003 / Mac OS X    10.5.3 :",
      "url": "http://support.apple.com/kb/HT1897"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 106704 du 28 mai 2008 :",
      "url": "http://docs.info.apple.com/article.html?artnum=106704"
    },
    {
      "title": "Tableau r\u00e9capitulatif des mises \u00e0 jour de s\u00e9curit\u00e9 pour Mac    OS X :",
      "url": "http://support.apple.com/kb/HT1222?viewlocale=fr_FR"
    }
  ],
  "reference": "CERTA-2008-AVI-278",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-05-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s concernant le syst\u00e8me d\u0027exploitation Apple Mac\nOS X ont \u00e9t\u00e9 identifi\u00e9es. L\u0027exploitation de ces derni\u00e8res peut avoir\nplusieurs cons\u00e9quences, dont des ex\u00e9cutions de codes arbitraires \u00e0\ndistance.\n",
  "title": "Mutliples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mises \u00e0 jour de s\u00e9curit\u00e9 Apple 2008-003 du 28 mai 2008",
      "url": null
    }
  ]
}

ghsa-vrv9-xcjr-98wp

Vulnerability from github

Published

2022-05-01 23:28

Modified

2025-04-09 03:51

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0177"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-02-07T22:00:00Z",
    "severity": "HIGH"
  },
  "details": "The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header.",
  "id": "GHSA-vrv9-xcjr-98wp",
  "modified": "2025-04-09T03:51:08Z",
  "published": "2022-05-01T23:28:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0177"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/5191"
    },
    {
      "type": "WEB",
      "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u\u0026only_with_tag=netbsd-3-1"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28788"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28816"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28979"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29130"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30430"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31074"
    },
    {
      "type": "WEB",
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1019314"
    },
    {
      "type": "WEB",
      "url": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36%3Br2=1.37"
    },
    {
      "type": "WEB",
      "url": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/110947"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27642"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0441"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0688"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1697"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2094/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2008-0177

Vulnerability from fkie_nvd

Published

2008-02-07 22:00

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cret@cert.org	http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u&only_with_tag=netbsd-3-1	Vendor Advisory
cret@cert.org	http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html
cret@cert.org	http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
cret@cert.org	http://secunia.com/advisories/28788	Patch, Vendor Advisory
cret@cert.org	http://secunia.com/advisories/28816	Vendor Advisory
cret@cert.org	http://secunia.com/advisories/28979
cret@cert.org	http://secunia.com/advisories/29130
cret@cert.org	http://secunia.com/advisories/30430
cret@cert.org	http://secunia.com/advisories/31074
cret@cert.org	http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc
cret@cert.org	http://securitytracker.com/id?1019314
cret@cert.org	http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36%3Br2=1.37
cret@cert.org	http://www.kb.cert.org/vuls/id/110947	US Government Resource
cret@cert.org	http://www.securityfocus.com/bid/27642	Patch
cret@cert.org	http://www.us-cert.gov/cas/techalerts/TA08-150A.html	US Government Resource
cret@cert.org	http://www.vupen.com/english/advisories/2008/0441
cret@cert.org	http://www.vupen.com/english/advisories/2008/0688
cret@cert.org	http://www.vupen.com/english/advisories/2008/1697
cret@cert.org	http://www.vupen.com/english/advisories/2008/2094/references
cret@cert.org	https://www.exploit-db.com/exploits/5191
af854a3a-2127-422b-91ae-364da2661108	http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u&only_with_tag=netbsd-3-1	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28788	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28816	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28979
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29130
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30430
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31074
af854a3a-2127-422b-91ae-364da2661108	http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1019314
af854a3a-2127-422b-91ae-364da2661108	http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36%3Br2=1.37
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/110947	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27642	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-150A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0441
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0688
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1697
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2094/references
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/5191

Impacted products

	Vendor	Product	Version
	kame	ipcomp	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:kame:ipcomp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2434FDC-4269-4FEC-9627-8743C8A5D7A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n ipcomp6_input en sys/netinet6/ipcomp_input.c en el Proyecto KAME antes del 2007-12-01 no comprueba correctamente el valor de retorno de la funci\u00f3n m_pulldown, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del sistema) mediante un paquete IPv6 con cabecera IPComp."
    }
  ],
  "id": "CVE-2008-0177",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-02-07T22:00:00.000",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u\u0026only_with_tag=netbsd-3-1"
    },
    {
      "source": "cret@cert.org",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28788"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28816"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/28979"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/29130"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/30430"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/31074"
    },
    {
      "source": "cret@cert.org",
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc"
    },
    {
      "source": "cret@cert.org",
      "url": "http://securitytracker.com/id?1019314"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36%3Br2=1.37"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/110947"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27642"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.vupen.com/english/advisories/2008/0441"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.vupen.com/english/advisories/2008/0688"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.vupen.com/english/advisories/2008/1697"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.vupen.com/english/advisories/2008/2094/references"
    },
    {
      "source": "cret@cert.org",
      "url": "https://www.exploit-db.com/exploits/5191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u\u0026only_with_tag=netbsd-3-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28788"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28979"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1019314"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36%3Br2=1.37"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/110947"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0441"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0688"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2094/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/5191"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2008-0177

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2008-0177

Aliases

CVE-2008-0177

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0177",
    "description": "The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header.",
    "id": "GSD-2008-0177"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0177"
      ],
      "details": "The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header.",
      "id": "GSD-2008-0177",
      "modified": "2023-12-13T01:22:58.739300Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2008-0177",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "28816",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28816"
          },
          {
            "name": "ADV-2008-0688",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0688"
          },
          {
            "name": "ADV-2008-0441",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0441"
          },
          {
            "name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u\u0026only_with_tag=netbsd-3-1",
            "refsource": "CONFIRM",
            "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u\u0026only_with_tag=netbsd-3-1"
          },
          {
            "name": "27642",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27642"
          },
          {
            "name": "28788",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28788"
          },
          {
            "name": "FreeBSD-SA-08:04",
            "refsource": "FREEBSD",
            "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc"
          },
          {
            "name": "TA08-150A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
          },
          {
            "name": "29130",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29130"
          },
          {
            "name": "28979",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28979"
          },
          {
            "name": "30430",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30430"
          },
          {
            "name": "APPLE-SA-2008-05-28",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
          },
          {
            "name": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37",
            "refsource": "CONFIRM",
            "url": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37"
          },
          {
            "name": "APPLE-SA-2008-07-11",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
          },
          {
            "name": "ADV-2008-2094",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2094/references"
          },
          {
            "name": "ADV-2008-1697",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1697"
          },
          {
            "name": "1019314",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1019314"
          },
          {
            "name": "VU#110947",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/110947"
          },
          {
            "name": "31074",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31074"
          },
          {
            "name": "5191",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/5191"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:kame:ipcomp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2008-0177"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u\u0026only_with_tag=netbsd-3-1",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u\u0026only_with_tag=netbsd-3-1"
            },
            {
              "name": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37"
            },
            {
              "name": "VU#110947",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/110947"
            },
            {
              "name": "27642",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/27642"
            },
            {
              "name": "28788",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28788"
            },
            {
              "name": "28816",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28816"
            },
            {
              "name": "1019314",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1019314"
            },
            {
              "name": "FreeBSD-SA-08:04",
              "refsource": "FREEBSD",
              "tags": [],
              "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc"
            },
            {
              "name": "28979",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/28979"
            },
            {
              "name": "29130",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29130"
            },
            {
              "name": "APPLE-SA-2008-05-28",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
            },
            {
              "name": "TA08-150A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
            },
            {
              "name": "30430",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30430"
            },
            {
              "name": "APPLE-SA-2008-07-11",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
            },
            {
              "name": "31074",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31074"
            },
            {
              "name": "ADV-2008-0688",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0688"
            },
            {
              "name": "ADV-2008-1697",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1697"
            },
            {
              "name": "ADV-2008-2094",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2094/references"
            },
            {
              "name": "ADV-2008-0441",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0441"
            },
            {
              "name": "5191",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/5191"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-29T01:30Z",
      "publishedDate": "2008-02-07T22:00Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-0177 (GCVE-0-2008-0177)

Vulnerability from cvelistv5

CERTA-2008-AVI-056

Vulnerability from certfr_avis

Description

Solution

CERTA-2008-AVI-278

Vulnerability from certfr_avis

Description

Solution

ghsa-vrv9-xcjr-98wp

Vulnerability from github

fkie_cve-2008-0177

Vulnerability from fkie_nvd

gsd-2008-0177

Vulnerability from gsd

Tags

Sightings

Nomenclature