Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2008-1673
Last Modified: 26 Nov 2012 10:44:56
Published: 09 Jun 2008 08:32:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-1673

Summary

The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.

Vulnerable Systems

Operating System

  • Debian Linux 4.0

  • Linux Kernel 2.4.0

  • Linux Kernel 2.4.1

  • Linux Kernel 2.4.10

  • Linux Kernel 2.4.11

  • Linux Kernel 2.4.12

  • Linux Kernel 2.4.13

  • Linux Kernel 2.4.14

  • Linux Kernel 2.4.15

  • Linux Kernel 2.4.16

  • Linux Kernel 2.4.17

  • Linux Kernel 2.4.18

  • Linux Kernel 2.4.19

  • Linux Kernel 2.4.2

  • Linux Kernel 2.4.20

  • Linux Kernel 2.4.21

  • Linux Kernel 2.4.22

  • Linux Kernel 2.4.23

  • Linux Kernel 2.4.23 Ow2

  • Linux Kernel 2.4.24

  • Linux Kernel 2.4.24 Ow1

  • Linux Kernel 2.4.25

  • Linux Kernel 2.4.26

  • Linux Kernel 2.4.27

  • Linux Kernel 2.4.28

  • Linux Kernel 2.4.29

  • Linux Kernel 2.4.3

  • Linux Kernel 2.4.30

  • Linux Kernel 2.4.31

  • Linux Kernel 2.4.32

  • Linux Kernel 2.4.33

  • Linux Kernel 2.4.33.2

  • Linux Kernel 2.4.33.3

  • Linux Kernel 2.4.33.4

  • Linux Kernel 2.4.33.5

  • Linux Kernel 2.4.34

  • Linux Kernel 2.4.35

  • Linux Kernel 2.4.36

  • Linux Kernel 2.4.36.1

  • Linux Kernel 2.4.36.2

  • Linux Kernel 2.4.36.3

  • Linux Kernel 2.4.36.4

  • Linux Kernel 2.4.36.5

  • Linux Kernel 2.4.4

  • Linux Kernel 2.4.5

  • Linux Kernel 2.4.6

  • Linux Kernel 2.4.7

  • Linux Kernel 2.4.8

  • Linux Kernel 2.4.9

  • Linux Kernel 2.6 Test9 Cvs

  • Linux Kernel 2.6.0

  • Linux Kernel 2.6.1

  • Linux Kernel 2.6.10

  • Linux Kernel 2.6.11

  • Linux Kernel 2.6.11.11

  • Linux Kernel 2.6.11.12

  • Linux Kernel 2.6.11.4

  • Linux Kernel 2.6.11.5

  • Linux Kernel 2.6.11.6

  • Linux Kernel 2.6.11.7

  • Linux Kernel 2.6.11.8

  • Linux Kernel 2.6.12

  • Linux Kernel 2.6.12.1

  • Linux Kernel 2.6.12.12

  • Linux Kernel 2.6.12.2

  • Linux Kernel 2.6.12.22

  • Linux Kernel 2.6.12.3

  • Linux Kernel 2.6.12.4

  • Linux Kernel 2.6.12.5

  • Linux Kernel 2.6.12.6

  • Linux Kernel 2.6.13

  • Linux Kernel 2.6.13.1

  • Linux Kernel 2.6.13.2

  • Linux Kernel 2.6.13.3

  • Linux Kernel 2.6.13.4

  • Linux Kernel 2.6.14

  • Linux Kernel 2.6.14.1

  • Linux Kernel 2.6.14.2

  • Linux Kernel 2.6.14.3

  • Linux Kernel 2.6.14.4

  • Linux Kernel 2.6.14.5

  • Linux Kernel 2.6.15

  • Linux Kernel 2.6.15.1

  • Linux Kernel 2.6.15.11

  • Linux Kernel 2.6.15.2

  • Linux Kernel 2.6.15.3

  • Linux Kernel 2.6.15.4

  • Linux Kernel 2.6.15.5

  • Linux Kernel 2.6.16

  • Linux Kernel 2.6.16.1

  • Linux Kernel 2.6.16.11

  • Linux Kernel 2.6.16.12

  • Linux Kernel 2.6.16.13

  • Linux Kernel 2.6.16.19

  • Linux Kernel 2.6.16.23

  • Linux Kernel 2.6.16.27

  • Linux Kernel 2.6.16.7

  • Linux Kernel 2.6.16.9

  • Linux Kernel 2.6.17

  • Linux Kernel 2.6.17.1

  • Linux Kernel 2.6.17.10

  • Linux Kernel 2.6.17.11

  • Linux Kernel 2.6.17.12

  • Linux Kernel 2.6.17.13

  • Linux Kernel 2.6.17.14

  • Linux Kernel 2.6.17.2

  • Linux Kernel 2.6.17.3

  • Linux Kernel 2.6.17.5

  • Linux Kernel 2.6.17.6

  • Linux Kernel 2.6.17.7

  • Linux Kernel 2.6.17.8

  • Linux Kernel 2.6.18

  • Linux Kernel 2.6.18.1

  • Linux Kernel 2.6.18.3

  • Linux Kernel 2.6.18.4

  • Linux Kernel 2.6.19

  • Linux Kernel 2.6.19.0

  • Linux Kernel 2.6.19.1

  • Linux Kernel 2.6.19.2

  • Linux Kernel 2.6.2

  • Linux Kernel 2.6.20

  • Linux Kernel 2.6.20.1

  • Linux Kernel 2.6.20.11

  • Linux Kernel 2.6.20.13

  • Linux Kernel 2.6.20.15

  • Linux Kernel 2.6.20.2

  • Linux Kernel 2.6.20.3

  • Linux Kernel 2.6.20.4

  • Linux Kernel 2.6.20.5

  • Linux Kernel 2.6.20.8

  • Linux Kernel 2.6.20.9

  • Linux Kernel 2.6.21

  • Linux Kernel 2.6.21.1

  • Linux Kernel 2.6.21.2

  • Linux Kernel 2.6.21.6

  • Linux Kernel 2.6.21.7

  • Linux Kernel 2.6.22

  • Linux Kernel 2.6.22 Rc1

  • Linux Kernel 2.6.22 Rc7

  • Linux Kernel 2.6.22.1

  • Linux Kernel 2.6.22.11

  • Linux Kernel 2.6.22.12

  • Linux Kernel 2.6.22.13

  • Linux Kernel 2.6.22.14

  • Linux Kernel 2.6.22.15

  • Linux Kernel 2.6.22.16

  • Linux Kernel 2.6.22.17

  • Linux Kernel 2.6.22.3

  • Linux Kernel 2.6.22.4

  • Linux Kernel 2.6.22.5

  • Linux Kernel 2.6.22.6

  • Linux Kernel 2.6.22.7

  • Linux Kernel 2.6.22.8

  • Linux Kernel 2.6.23

  • Linux Kernel 2.6.23.1

  • Linux Kernel 2.6.23.10

  • Linux Kernel 2.6.23.14

  • Linux Kernel 2.6.23.2

  • Linux Kernel 2.6.23.3

  • Linux Kernel 2.6.23.4

  • Linux Kernel 2.6.23.5

  • Linux Kernel 2.6.23.6

  • Linux Kernel 2.6.23.7

  • Linux Kernel 2.6.23.9

  • Linux Kernel 2.6.24

  • Linux Kernel 2.6.24 Rc1

  • Linux Kernel 2.6.24.1

  • Linux Kernel 2.6.24.2

  • Linux Kernel 2.6.24.6

  • Linux Kernel 2.6.25

  • Linux Kernel 2.6.25.1

  • Linux Kernel 2.6.25.2

  • Linux Kernel 2.6.25.3

  • Linux Kernel 2.6.25.4


References

BID - 29589

FEDORA - FEDORA-2008-5308

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=443962

XF - linux-kernel-ber-decoder-bo(42921)

VUPEN - ADV-2008-1770

UBUNTU - USN-625-1

BUGTRAQ - 20080611 rPSA-2008-0189-1 kernel xen

MANDRIVA - MDVSA-2008:174

MANDRIVA - MDVSA-2008:113

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0189

SECUNIA - 32759

SECUNIA - 32104

SECUNIA - 32103

SECUNIA - 31836

SECUNIA - 31107

SECUNIA - 30658

SECUNIA - 30644

SECUNIA - 30580

SUSE - SUSE-SR:2008:025

SUSE - SUSE-SA:2008:049

SUSE - SUSE-SA:2008:048

SUSE - SUSE-SA:2008:047

SUSE - SUSE-SA:2008:038

SUSE - SUSE-SA:2008:035

CONFIRM - http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.5

CONFIRM - http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.6

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ddb2c43594f22843e9f3153da151deaba1a834c5

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=33afb8403f361919aa5c8fe1d0a4f5ddbfbbea3c

SECTRACK - 1020210

SECUNIA - 30000

SECUNIA - 32370

SUSE - SUSE-SA:2008:052

SECUNIA - 30982

XF - kernel-ber-decoder-bo(42921)


Last Updated: 27 May 2016 10:59:55