CVE-2008-3864 - OpenCVE

The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Trend Micro	Internet Security 2007 Internet Security 2008 Officescan

Configuration 1 [-]

OR	cpe:2.3:a:trend_micro:internet_security_2007::::::::
	cpe:2.3:a:trend_micro:internet_security_2008:17.0.1224:::::::*
	cpe:2.3:a:trend_micro:officescan:8.0:sp1::::::

No data.

References

Link	Providers
http://secunia.com/advisories/31160
http://secunia.com/advisories/33609
http://secunia.com/secunia_research/2008-42/
http://securityreason.com/securityalert/4937
http://www.securityfocus.com/archive/1/500195/100/0/threaded
http://www.securityfocus.com/bid/33358
http://www.securitytracker.com/id?1021614
http://www.securitytracker.com/id?1021615
http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt
http://www.vupen.com/english/advisories/2009/0191
https://exchange.xforce.ibmcloud.com/vulnerabilities/48106

History

No history.

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2009-01-21T20:00:00

Updated: 2024-08-07T09:53:00.486Z

Reserved: 2008-08-29T00:00:00

Link: CVE-2008-3864

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-01-21T20:30:00.187

Modified: 2018-10-11T20:50:07.200

Link: CVE-2008-3864

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-01-20T00:00:00", "descriptions": [{"lang": "en", "value": "The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"name": "1021615", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021615"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2008-42/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"}, {"name": "tmpfw-apithread-dos(48106)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106"}, {"name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"}, {"name": "33358", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33358"}, {"name": "ADV-2009-0191", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0191"}, {"name": "33609", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33609"}, {"name": "4937", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4937"}, {"name": "31160", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31160"}, {"name": "1021614", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021614"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2008-3864", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1021615", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021615"}, {"name": "http://secunia.com/secunia_research/2008-42/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2008-42/"}, {"name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", "refsource": "CONFIRM", "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"}, {"name": "tmpfw-apithread-dos(48106)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106"}, {"name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"}, {"name": "33358", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33358"}, {"name": "ADV-2009-0191", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0191"}, {"name": "33609", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33609"}, {"name": "4937", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4937"}, {"name": "31160", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31160"}, {"name": "1021614", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021614"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:53:00.486Z"}, "title": "CVE Program Container", "references": [{"name": "1021615", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1021615"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2008-42/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"}, {"name": "tmpfw-apithread-dos(48106)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106"}, {"name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"}, {"name": "33358", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33358"}, {"name": "ADV-2009-0191", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/0191"}, {"name": "33609", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33609"}, {"name": "4937", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4937"}, {"name": "31160", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31160"}, {"name": "1021614", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1021614"}]}]}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2008-3864", "datePublished": "2009-01-21T20:00:00", "dateReserved": "2008-08-29T00:00:00", "dateUpdated": "2024-08-07T09:53:00.486Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trend_micro:internet_security_2007:*:*:*:*:*:*:*:*", "matchCriteriaId": "C374395B-80B1-4FBA-88F6-1C155900E4DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:trend_micro:internet_security_2008:17.0.1224:*:*:*:*:*:*:*", "matchCriteriaId": "F794E937-C7EC-423B-AF79-F7C214114BCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "9A220318-78FB-4D3B-968D-7B0BF3BB1969", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field."}, {"lang": "es", "value": "La funci\u00f3n ApiThread en el servicio de cortafuegos (tambi\u00e9n conocido como TmPfw.exe) en los m\u00f3dulos Trend Micro Network Security Component (NSC), del modo que se usan en Trend Micro OfficeScan 8.0 SP1 Patch 1 e Internet Security 2007 y 2008 17.0.1224, permite a atacantes remotos provocar una denegaci\u00f3n de sevicio (ca\u00edda de aplicaci\u00f3n) mediante un paquete con un valor grande en un campo de tama\u00f1o no especificado."}], "id": "CVE-2008-3864", "lastModified": "2018-10-11T20:50:07.200", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-01-21T20:30:00.187", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31160"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/33609"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/secunia_research/2008-42/"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://securityreason.com/securityalert/4937"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/33358"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securitytracker.com/id?1021614"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securitytracker.com/id?1021615"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2009/0191"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}