Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1302

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-1302
Last Modified 01 Sep 2009 01:14:15
Published 12 Mar 2008 01:44:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1302

Summary

The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invalid memory access.

Vulnerable Systems

Application

  • Perforce Server 2007.3 143793


References

XF - perforceserver-invalid-memory-dos(41016)

BID - 28108

BUGTRAQ - 20080305 Multiple vulnerabilities in Perforce Server 2007.3/143793

SECUNIA - 29231

MISC - http://aluigi.org/poc/perforces.zip

MISC - http://aluigi.altervista.org/adv/perforces-adv.txt

XF - perforce-server-p4sexe-dos(41363)

SREASON - 3735


Last Updated: 27 May 2016 10:47:06