Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2008-1673

Disclosure Date: June 10, 2008 •

Description

The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Products

References

Canonical

CVE-2008-1673 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1673)

BID-29589 (http://www.securityfocus.com/bid/29589)

Advisory

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html

SECUNIA-30000 (http://secunia.com/advisories/30000)

SECUNIA-30658 (http://secunia.com/advisories/30658)

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0189

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html

http://git.kernel.org?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ddb2c43594f22843e9f3153da151deaba1a834c5

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html

FEDORA-2008-5308 (https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00587.html)

SECUNIA-32104 (http://secunia.com/advisories/32104)

SECUNIA-30982 (http://secunia.com/advisories/30982)

SECUNIA-30580 (http://secunia.com/advisories/30580)

20080611 rPSA-2008-0189-1 kernel xen (http://www.securityfocus.com/archive/1/493300/100/0/threaded)

XF-linux-kernel-ber-decoder-bo(42921) (https://exchange.xforce.ibmcloud.com/vulnerabilities/42921)

SECUNIA-30644 (http://secunia.com/advisories/30644)

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html

SECUNIA-32103 (http://secunia.com/advisories/32103)

http://www.mandriva.com/security/advisories?name=MDVSA-2008:113

SECTRACK-1020210 (http://www.securitytracker.com/id?1020210)

http://www.mandriva.com/security/advisories?name=MDVSA-2008:174

SECUNIA-32759 (http://secunia.com/advisories/32759)

ADV-2008-1770 (http://www.vupen.com/english/advisories/2008/1770)

SECUNIA-31107 (http://secunia.com/advisories/31107)

http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.5

SECUNIA-32370 (http://secunia.com/advisories/32370)

SECUNIA-31836 (http://secunia.com/advisories/31836)

USN-625-1 (http://www.ubuntu.com/usn/usn-625-1)

https://bugzilla.redhat.com/show_bug.cgi?id=443962

DSA-1592 (http://www.debian.org/security/2008/dsa-1592)

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html

http://git.kernel.org?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=33afb8403f361919aa5c8fe1d0a4f5ddbfbbea3c

http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.6

Miscellaneous

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=33afb8403f361919aa5c8fe1d0a4f5ddbfbbea3c

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ddb2c43594f22843e9f3153da151deaba1a834c5

Rapid7

Technical Analysis