CVE-2008-0365

Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.coresecurity.com/?action=item&id=2025
http://www.securityfocus.com/bid/27341
http://force.coresecurity.com/index.php?module=articles&func=display&aid=32
http://www.securitytracker.com/id?1019245
http://securityreason.com/securityalert/3555
http://www.vupen.com/english/advisories/2008/0242
https://exchange.xforce.ibmcloud.com/vulnerabilities/39758
http://www.securityfocus.com/archive/1/486513/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:core_security_technologies:core_force:*:*:*:*:*:*:*:*

Information

Published : 2008-01-18 15:00

Updated : 2018-10-15 14:59

NVD link : CVE-2008-0365

Mitre link : CVE-2008-0365

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

Products Affected

core_security_technologies

core_force

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.coresecurity.com/?action=item&id=2025", "name": "http://www.coresecurity.com/?action=item&id=2025", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/27341", "name": "27341", "tags": [], "refsource": "BID"}, {"url": "http://force.coresecurity.com/index.php?module=articles&func=display&aid=32", "name": "http://force.coresecurity.com/index.php?module=articles&func=display&aid=32", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id?1019245", "name": "1019245", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securityreason.com/securityalert/3555", "name": "3555", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2008/0242", "name": "ADV-2008-0242", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39758", "name": "coreforce-firewall-registry-bo(39758)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/486513/100/0/threaded", "name": "20080117 CORE-2007-1119: CORE FORCE Kernel Buffer Overflow", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-0365", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-01-18T23:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:core_security_technologies:core_force:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "0.95.167"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-15T21:59Z"}