Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2008-1678

Disclosure Date: July 10, 2008
CVE-2008-1678
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2008-1678 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678)
BID-31692 (http://www.securityfocus.com/bid/31692)
BID-31681 (http://www.securityfocus.com/bid/31681)
Advisory
http://www.redhat.com/support/errata/RHSA-2009-1075.html
SECUNIA-42724 (http://secunia.com/advisories/42724)
SECUNIA-34219 (http://secunia.com/advisories/34219)
XF-openssl-libssl-dos(43948) (https://exchange.xforce.ibmcloud.com/vulnerabilities/43948)
https://bugzilla.redhat.com/show_bug.cgi?id=447268
SECUNIA-31026 (http://secunia.com/advisories/31026)
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9754
https://issues.apache.org/bugzilla/show_bug.cgi?id=44975
SECUNIA-38761 (http://secunia.com/advisories/38761)
SECUNIA-31416 (http://secunia.com/advisories/31416)
SECUNIA-44183 (http://secunia.com/advisories/44183)
USN-731-1 (http://www.ubuntu.com/usn/USN-731-1)
http://bugs.gentoo.org/show_bug.cgi?id=222643
SECUNIA-32222 (http://secunia.com/advisories/32222)
SECUNIA-35264 (http://secunia.com/advisories/35264)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:124
http://svn.apache.org/viewvc?view=rev&revision=654119
FEDORA-2008-6393 (https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00055.html)
GLSA-200807-06 (http://security.gentoo.org/glsa/glsa-200807-06.xml)
https://bugs.edge.launchpad.net/bugs/224945
ADV-2008-2780 (http://www.vupen.com/english/advisories/2008/2780)
https://bugs.edge.launchpad.net/bugs/186339
https://kb.bluecoat.com/index?page=content&id=SA50
SREASON-3981 (http://securityreason.com/securityalert/3981)
[openssl-dev] 20080512 possible memory leak in zlib compression (http://marc.info?l=openssl-dev&m=121060672602371&w=2)
APPLE-SA-2008-10-09 (http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html)
http://support.apple.com/kb/HT3216
SECUNIA-42733 (http://secunia.com/advisories/42733)
Miscellaneous
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
https://access.redhat.com/errata/RHSA-2009:1075
http://marc.info/?l=openssl-dev&m=121060672602371&w=2
https://access.redhat.com/security/cve/CVE-2008-1678

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis