CVE-2011-2008

CWE-20 — Improper Input Validation29 documents8 sources

Severity

5.0MEDIUM

EPSS

52.5%

top 2.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Host Integration Server

Timeline

PublishedOct 12

Latest updateMay 14

Description

Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/host_integration_server4 versions+3

🔴Vulnerability Details

GHSA

GHSA-v93c-j87p-pp29: Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service ou↗2022-05-14

▶

Kernel

namei: allow restricted O_CREAT of FIFOs and regular files↗2018-08-23

▶

CVEList

CVE-2011-2008: Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service ou↗2011-10-12

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows (x86) - 'afd.sys' Local Privilege Escalation (MS11-046)↗2016-10-18

▶

Exploit-DB

IBM Lotus Domino Server Controller - Authentication Bypass↗2011-11-30

▶

Exploit-DB

Siemens SIMATIC WinCC Flexible (Runtime) - Multiple Vulnerabilities↗2011-11-28

▶

Exploit-DB

phpScheduleIt 1.2.10 - 'reserve.php' Arbitrary Code Injection (Metasploit)↗2011-10-26

▶

Exploit-DB

TugZip 3.5 Archiver - '.ZIP' File Parsing Buffer Overflow (Metasploit)↗2011-10-11

▶

📋Vendor Advisories

Red Hat

libvirt: several API calls do not honour read-only connection↗2011-03-02

▶

Red Hat

bash: Insecure temporary file use in aliasconv.sh, aliasconv.bash, cshtobash (symlink attack)↗2008-08-13

▶

💬Community

Bugzilla

CVE-2011-4324 kernel: nfsv4: mknod(2) DoS↗2011-11-21

▶

Bugzilla

CVE-2008-7293 firefox: unable to restrict modifications to cookies in HTTPS sessions due to loack of HSTS support↗2011-08-12

▶

Bugzilla

CVE-2008-5299 chm2pdf insecure temporary file symlink flaw↗2008-12-03

▶