Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4435

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2012-4435
Last Modified 24 Nov 2013 11:27:56
Published 22 Oct 2012 07:55:07
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-4435

Summary

fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users to cause a denial of service (server crash) via a long IP address.

Vulnerable Systems

Application

  • Cipherdyne Fwknop 2.0

  • Cipherdyne Fwknop 2.0.1

  • Cipherdyne Fwknop 2.0.2


References

MLIST - [oss-security] 20120919 Re: CVE Request -- fwknop 2.0.3: Multiple security issues

MLIST - [oss-security] 20120919 CVE Request -- fwknop 2.0.3: Multiple security issues

CONFIRM - http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=f4c16bc47fc24a96b63105556b62d61c1ba7d799

CONFIRM - http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=263fa01f2af1d336961df320f1c7a9ea84ddac9a

CONFIRM - http://www.cipherdyne.org/blog/2012/09/software-release-fwknop-2.0.3.html

XF - fwknop-ipaddress-dos(79568)


Last Updated: 27 May 2016 10:51:46