CVE-2008-0768 - OpenCVE

Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Informix Dynamic Server Informix Storage Manager
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:ibm:informix_dynamic_server::::::::
	cpe:2.3:a:ibm:informix_dynamic_server::::::::
	cpe:2.3:a:ibm:informix_storage_manager:-:::::::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/28689
http://www-01.ibm.com/support/docview.wss?uid=swg21294211
http://www-1.ibm.com/support/search.wss?rs=0&q=IC55040&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IC55041&apar=only
http://www.securityfocus.com/bid/27485
http://www.securitytracker.com/id?1019281
http://www.vupen.com/english/advisories/2008/0317
https://exchange.xforce.ibmcloud.com/vulnerabilities/40018

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-02-13T21:00:00

Updated: 2024-08-07T07:54:23.329Z

Reserved: 2008-02-13T00:00:00

Link: CVE-2008-0768

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2008-02-13T22:00:00.000

Modified: 2019-08-01T12:12:54.997

Link: CVE-2008-0768

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-01-28T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2008-0317", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0317"}, {"name": "IC55041", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IC55041&apar=only"}, {"name": "IC55040", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IC55040&apar=only"}, {"name": "27485", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27485"}, {"name": "1019281", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019281"}, {"name": "28689", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28689"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21294211"}, {"name": "ibm-ids-xdr-bo(40018)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40018"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0768", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2008-0317", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0317"}, {"name": "IC55041", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IC55041&apar=only"}, {"name": "IC55040", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IC55040&apar=only"}, {"name": "27485", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27485"}, {"name": "1019281", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019281"}, {"name": "28689", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28689"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21294211", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21294211"}, {"name": "ibm-ids-xdr-bo(40018)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40018"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:54:23.329Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2008-0317", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0317"}, {"name": "IC55041", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IC55041&apar=only"}, {"name": "IC55040", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IC55040&apar=only"}, {"name": "27485", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27485"}, {"name": "1019281", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019281"}, {"name": "28689", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28689"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21294211"}, {"name": "ibm-ids-xdr-bo(40018)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40018"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0768", "datePublished": "2008-02-13T21:00:00", "dateReserved": "2008-02-13T00:00:00", "dateUpdated": "2024-08-07T07:54:23.329Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "53BCF01B-A64E-4161-8E6E-F0BD0FBB3D42", "versionEndIncluding": "10.00.xc8", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "8625CD11-E4A8-484C-9F35-FBCFC0D290A8", "versionEndIncluding": "11.10.xc2", "versionStartIncluding": "11.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:informix_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5838FCA-32C4-4DB3-9B83-5BF40916CBBE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila y en mont\u00edculo en los componentes Windows RPC para IBM Informix Storage Manager (ISM), como se utilizan en Informix Dynamic Server (IDS) 10.00.xC8 y anteriores y 11.10.xC2 y anteriores. Permiten a atacantes ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de peticiones XDR manipuladas."}], "id": "CVE-2008-0768", "lastModified": "2019-08-01T12:12:54.997", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-02-13T22:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/28689"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21294211"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IC55040&apar=only"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IC55041&apar=only"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/27485"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1019281"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2008/0317"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40018"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}