Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1303

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-1303
Last Modified 07 Jul 2010 12:00:00
Published 12 Mar 2008 01:44:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1303

Summary

The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly unspecified other commands, which triggers a NULL pointer dereference.

Vulnerable Systems

Application

  • Perforce Server 2000.1

  • Perforce Server 2000.2

  • Perforce Server 2001.1

  • Perforce Server 2001.2

  • Perforce Server 2002.1

  • Perforce Server 2002.2

  • Perforce Server 2003.1

  • Perforce Server 2003.2

  • Perforce Server 2004.2

  • Perforce Server 2005.1

  • Perforce Server 2005.2

  • Perforce Server 2006.1

  • Perforce Server 2006.2

  • Perforce Server 2007.2

  • Perforce Server 2007.3

  • Perforce Server 2007.3 143793


References

XF - perforceserver-multiple-commands-dos(41015)

BID - 28108

BUGTRAQ - 20080305 Multiple vulnerabilities in Perforce Server 2007.3/143793

SREASON - 3735

SECUNIA - 29231

MISC - http://aluigi.org/poc/perforces.zip

MISC - http://aluigi.altervista.org/adv/perforces-adv.txt


Last Updated: 27 May 2016 10:47:06