CVE-2008-1279 - Vulnerability Details - OpenCVE

Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Acronis	True Image

Configuration 1 [-]

OR	cpe:2.3:a:acronis:true_image:::group_server:::::*
	cpe:2.3:a:acronis:true_image:::enterprise_server:::::*

No data.

References

Link	Providers
http://aluigi.altervista.org/adv/acrogroup-adv.txt
http://secunia.com/advisories/29306
http://www.securityfocus.com/archive/1/489353/100/0/threaded
http://www.securityfocus.com/bid/28169
http://www.vupen.com/english/advisories/2008/0813/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41071

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-10T23:00:00

Updated: 2024-08-07T08:17:33.923Z

Reserved: 2008-03-10T00:00:00

Link: CVE-2008-1279

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-03-10T23:44:00.000

Modified: 2024-11-21T00:44:09.357

Link: CVE-2008-1279

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-08T00:00:00", "descriptions": [{"lang": "en", "value": "Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "29306", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29306"}, {"name": "ADV-2008-0813", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0813/references"}, {"name": "20080310 Invalid memory access in Acronis True Image Group Server 1.5.19.191", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/489353/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.altervista.org/adv/acrogroup-adv.txt"}, {"name": "acronis-groupserver-dos(41071)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41071"}, {"name": "28169", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28169"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1279", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "29306", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29306"}, {"name": "ADV-2008-0813", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0813/references"}, {"name": "20080310 Invalid memory access in Acronis True Image Group Server 1.5.19.191", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489353/100/0/threaded"}, {"name": "http://aluigi.altervista.org/adv/acrogroup-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/acrogroup-adv.txt"}, {"name": "acronis-groupserver-dos(41071)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41071"}, {"name": "28169", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28169"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:17:33.923Z"}, "title": "CVE Program Container", "references": [{"name": "29306", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29306"}, {"name": "ADV-2008-0813", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0813/references"}, {"name": "20080310 Invalid memory access in Acronis True Image Group Server 1.5.19.191", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/489353/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.altervista.org/adv/acrogroup-adv.txt"}, {"name": "acronis-groupserver-dos(41071)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41071"}, {"name": "28169", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28169"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1279", "datePublished": "2008-03-10T23:00:00", "dateReserved": "2008-03-10T00:00:00", "dateUpdated": "2024-08-07T08:17:33.923Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:acronis:true_image:*:*:group_server:*:*:*:*:*", "matchCriteriaId": "0368A045-C9E2-4B33-9617-85F632624DD9", "versionEndIncluding": "1.5.19.191", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:true_image:*:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "E50A07EE-946C-42F4-9F4E-E95C5330DD41", "versionEndIncluding": "9.5.0.8072", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read."}, {"lang": "es", "value": "Acronis True Image Group Server 1.5.19.191 y anteriores, inclu\u00eddos en Acronis True Image Enterprise Server 9.5.0.8072 y los otros paquetes True Image, permiten a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un paquete con un tama\u00f1o de campo inv\u00e1lido que causa una lectura fuera de l\u00edmite."}], "id": "CVE-2008-1279", "lastModified": "2024-11-21T00:44:09.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-03-10T23:44:00.000", "references": [{"source": "cve@mitre.org", "url": "http://aluigi.altervista.org/adv/acrogroup-adv.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29306"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/489353/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28169"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0813/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41071"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aluigi.altervista.org/adv/acrogroup-adv.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29306"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/489353/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28169"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0813/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41071"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}