CVE-2008-2709 - Vulnerability Details - OpenCVE

Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port. NOTE: there might be limited attack scenarios.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00047.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm Subscribe	Os 400 Subscribe

Configuration 1 [-]

OR	cpe:2.3:o:ibm:os_400:v5r4m0:::::::*
	cpe:2.3:o:ibm:os_400:v5r4m5:::::::*
	cpe:2.3:o:ibm:os_400:v6r1m0:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2008-2703	Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port. NOTE: there might be limited attack scenarios.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://secunia.com/advisories/30554
http://www-1.ibm.com/support/docview.wss?uid=nas21f21bcbaa63f55268625745e003c6f64
http://www.securityfocus.com/bid/29660
http://www.vupen.com/english/advisories/2008/1799
https://exchange.xforce.ibmcloud.com/vulnerabilities/42984

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-06-16T20:00:00

Updated: 2024-08-07T09:14:14.649Z

Reserved: 2008-06-16T00:00:00

Link: CVE-2008-2709

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-06-16T20:41:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-2709

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-06-12T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port. NOTE: there might be limited attack scenarios."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "30554", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30554"}, {"name": "MA36741", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/docview.wss?uid=nas21f21bcbaa63f55268625745e003c6f64"}, {"name": "ADV-2008-1799", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1799"}, {"name": "29660", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29660"}, {"name": "os400-brsmrcvandcheck-bo(42984)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42984"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2709", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port. NOTE: there might be limited attack scenarios."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "30554", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30554"}, {"name": "MA36741", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=nas21f21bcbaa63f55268625745e003c6f64"}, {"name": "ADV-2008-1799", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1799"}, {"name": "29660", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29660"}, {"name": "os400-brsmrcvandcheck-bo(42984)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42984"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:14:14.649Z"}, "title": "CVE Program Container", "references": [{"name": "30554", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30554"}, {"name": "MA36741", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=nas21f21bcbaa63f55268625745e003c6f64"}, {"name": "ADV-2008-1799", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1799"}, {"name": "29660", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29660"}, {"name": "os400-brsmrcvandcheck-bo(42984)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42984"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2709", "datePublished": "2008-06-16T20:00:00", "dateReserved": "2008-06-16T00:00:00", "dateUpdated": "2024-08-07T09:14:14.649Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:os_400:v5r4m0:*:*:*:*:*:*:*", "matchCriteriaId": "F448C696-3FC9-442F-8F01-F1103287274F", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:os_400:v5r4m5:*:*:*:*:*:*:*", "matchCriteriaId": "4B18B289-2C9F-46CC-9CDE-4D424A74ACB1", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:os_400:v6r1m0:*:*:*:*:*:*:*", "matchCriteriaId": "14477D0B-1123-4B93-AD9F-95C78138B6E8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port. NOTE: there might be limited attack scenarios."}, {"lang": "es", "value": "Desbordamiento de buffer en la funci\u00f3n BrSmRcvAndCheck en el m\u00f3dulo RCHMGR de IBM OS/400 V5R4M0, V5R4M5, y V6R1M0, permite a atacantes locales provocar una denegaci\u00f3n de servicio (parada de tarea y volcado de almacemiento principal), a trav\u00e9s de vectores no especificados involucrados en la ejecuci\u00f3n de diagn\u00f3sticos en un puerto de modem. NOTA: Podr\u00eda haber escenarios de ataque limitados."}], "id": "CVE-2008-2709", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-06-16T20:41:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30554"}, {"source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=nas21f21bcbaa63f55268625745e003c6f64"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29660"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1799"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42984"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30554"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?uid=nas21f21bcbaa63f55268625745e003c6f64"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29660"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1799"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42984"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}