CVE-2008-7127

osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet with a large string length value to UDP port 14000, which triggers a memory allocation failure that is not properly handled.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://aluigi.altervista.org/adv/visibroken-adv.txt	Exploit
http://archives.neohapsis.com/archives/fulldisclosure/2008-03/0018.html	Exploit
http://osvdb.org/43058	Exploit
http://secunia.com/advisories/29213	Vendor Advisory
http://www.securityfocus.com/bid/28084	Exploit
http://www.vupen.com/english/advisories/2008/0748/references	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/40983

Configurations

Configuration 1 (hide)

cpe:2.3:a:microfocus:visibroker:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-08-31 10:30

Updated : 2023-12-10 10:51

NVD link : CVE-2008-7127

Mitre link : CVE-2008-7127

CVE.ORG link : CVE-2008-7127

JSON object : View

Products Affected

microfocus

visibroker

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2008-7127", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-08-31T10:30:01.187", "references": [{"url": "http://aluigi.altervista.org/adv/visibroken-adv.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-03/0018.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/43058", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29213", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28084", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0748/references", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40983", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet with a large string length value to UDP port 14000, which triggers a memory allocation failure that is not properly handled."}, {"lang": "es", "value": "osagent.exe en Borland VisiBroker Smart Agent v08.00.00.C1.03 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una paquete manipulado con una logitus de cadena larga al puerto UDP 14000, lo que provoca una fallo de localizaci\u00f3n de memoria que no se gestiona de forma adecuada."}], "lastModified": "2017-08-17T01:29:50.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:visibroker:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1D3737F-4146-4ED8-B7E5-137FE2F0D274", "versionEndIncluding": "08.00.00.c1.03"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}