CVE-2008-0365 - OpenCVE

Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Core Security Technologies	Core Force

Configuration 1 [-]

cpe:2.3:a:core_security_technologies:core_force:*:*:*:*:*:*:*:*

References

Link	Resource
http://force.coresecurity.com/index.php?module=articles&func=display&aid=32
http://securityreason.com/securityalert/3555
http://www.coresecurity.com/?action=item&id=2025
http://www.securityfocus.com/archive/1/486513/100/0/threaded
http://www.securityfocus.com/bid/27341
http://www.securitytracker.com/id?1019245
http://www.vupen.com/english/advisories/2008/0242
https://exchange.xforce.ibmcloud.com/vulnerabilities/39758

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-01-18T22:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2008-01-18T00:00:00

Link: CVE-2008-0365

JSON object: View

NVD Information

Status : Modified

Published: 2008-01-18T23:00:00.000

Modified: 2018-10-15T21:59:07.687

Link: CVE-2008-0365

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-01-17T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://force.coresecurity.com/index.php?module=articles&func=display&aid=32"}, {"name": "27341", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27341"}, {"name": "coreforce-firewall-registry-bo(39758)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39758"}, {"name": "20080117 CORE-2007-1119: CORE FORCE Kernel Buffer Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/486513/100/0/threaded"}, {"name": "ADV-2008-0242", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0242"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.coresecurity.com/?action=item&id=2025"}, {"name": "3555", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3555"}, {"name": "1019245", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019245"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0365", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://force.coresecurity.com/index.php?module=articles&func=display&aid=32", "refsource": "CONFIRM", "url": "http://force.coresecurity.com/index.php?module=articles&func=display&aid=32"}, {"name": "27341", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27341"}, {"name": "coreforce-firewall-registry-bo(39758)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39758"}, {"name": "20080117 CORE-2007-1119: CORE FORCE Kernel Buffer Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/486513/100/0/threaded"}, {"name": "ADV-2008-0242", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0242"}, {"name": "http://www.coresecurity.com/?action=item&id=2025", "refsource": "CONFIRM", "url": "http://www.coresecurity.com/?action=item&id=2025"}, {"name": "3555", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3555"}, {"name": "1019245", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019245"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0365", "datePublished": "2008-01-18T22:00:00", "dateReserved": "2008-01-18T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:core_security_technologies:core_force:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5E443EA-4C09-40DD-A018-AAA25CC011E0", "versionEndIncluding": "0.95.167", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en CORE FORCE versiones anteriores a 0.95.172 permiten a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n en contexto de n\u00facleo mediante argumentos manipulados en (1) funciones IOTCL en el m\u00f3dulo Firewall \u00f3 (2) funciones del gestor de enganche (hook) SSDT en el m\u00f3dulo Registry."}], "id": "CVE-2008-0365", "lastModified": "2018-10-15T21:59:07.687", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-01-18T23:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://force.coresecurity.com/index.php?module=articles&func=display&aid=32"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3555"}, {"source": "cve@mitre.org", "url": "http://www.coresecurity.com/?action=item&id=2025"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/486513/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27341"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019245"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0242"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39758"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}