Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2954

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2008-2954
Last Modified 10 Sep 2008 09:11:41
Published 01 Jul 2008 06:41:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2954

Summary

client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via an empty private message, which triggers an out-of-bounds read.

Vulnerable Systems

Application

  • Linux Direct Connect 0.686

  • Linux Direct Connect 0.699

  • Linux Direct Connect 0.700

  • Linux Direct Connect 0.701

  • Linux Direct Connect 0.702

  • Linux Direct Connect 0.703

  • Linux Direct Connect 0.704

  • Linux Direct Connect 0.705

  • Linux Direct Connect 0.706


References

FEDORA - FEDORA-2008-6038

FEDORA - FEDORA-2008-6018

XF - dc-pm-dos(43566)

SECTRACK - 1020410

SECTRACK - 1020409

BID - 30037

SECUNIA - 30918

SECUNIA - 30907

CONFIRM - http://dcplusplus.svn.sourceforge.net/viewvc/dcplusplus/dcplusplus/trunk/changelog.txt?r1=1027&r2=1026&pathrev=1027

CONFIRM - http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/NmdcHub.cpp.diff?r1=1.14&r2=1.15&sortby=date

CONFIRM - http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/Changelog.txt


Last Updated: 27 May 2016 10:48:02