Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2008-3680
Last Modified: 07 Mar 2011 10:11:09
Published: 14 Aug 2008 03:41:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-3680

Summary

The decryption function in Flagship Industries Ventrilo 3.0.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) by sending a type 0 packet with an invalid version followed by another packet to TCP port 3784.

Vulnerable Systems

Application

  • Flagship Industries Ventrilo 1

  • Flagship Industries Ventrilo 1.01

  • Flagship Industries Ventrilo 1.03

  • Flagship Industries Ventrilo 1.04

  • Flagship Industries Ventrilo 1.05

  • Flagship Industries Ventrilo 1.06

  • Flagship Industries Ventrilo 2

  • Flagship Industries Ventrilo 2.1

  • Flagship Industries Ventrilo 2.1.1

  • Flagship Industries Ventrilo 2.1.2

  • Flagship Industries Ventrilo 2.1.3

  • Flagship Industries Ventrilo 2.1.4

  • Flagship Industries Ventrilo 2.2

  • Flagship Industries Ventrilo 2.3

  • Flagship Industries Ventrilo 2.3.2

  • Flagship Industries Ventrilo 3

  • Flagship Industries Ventrilo 3.0.2


References

XF - ventrilo-packets-dos(44428)

VUPEN - ADV-2008-2365

BID - 30675

BUGTRAQ - 20080813 NULL pointer in Ventrilo 3.0.2

MILW0RM - 6237

SREASON - 4156

GENTOO - GLSA-200904-13

SECUNIA - 34696

SECUNIA - 31466

MISC - http://aluigi.org/poc/ventrilobotomy.zip

MISC - http://aluigi.altervista.org/adv/ventrilobotomy-adv.txt


Last Updated: 27 May 2016 10:48:16