Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1136

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-1136
Last Modified 05 Sep 2008 05:36:54
Published 04 Mar 2008 02:44:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1136

Summary

The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679.

Vulnerable Systems

Application

  • Synce 0.10.0

  • Synce 0.92


References

XF - synce-vdccm-command-execution(39506)

BID - 27178

BUGTRAQ - 20080107 CORE-2007-1106: SynCE Remote Command Injection

MISC - http://www.coresecurity.com/?action=item&id=2070

CONFIRM - http://sourceforge.net/forum/forum.php?forum_id=766440

FEDORA - FEDORA-2008-0680

BID - 28141

SREASON - 3710

SECUNIA - 29285

SECUNIA - 29228


Last Updated: 27 May 2016 10:47:02