CVE-2008-0366 - OpenCVE

CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Core Security Technologies	Core Force

Configuration 1 [-]

cpe:2.3:a:core_security_technologies:core_force:*:*:*:*:*:*:*:*

References

Link	Resource
http://force.coresecurity.com/index.php?module=articles&func=display&aid=32
http://securityreason.com/securityalert/3555
http://www.coresecurity.com/?action=item&id=2025	Patch
http://www.securityfocus.com/archive/1/486513/100/0/threaded
http://www.securityfocus.com/bid/27341	Exploit Patch
http://www.securitytracker.com/id?1019245
http://www.vupen.com/english/advisories/2008/0242

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-01-18T22:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2008-01-18T00:00:00

Link: CVE-2008-0366

JSON object: View

NVD Information

Status : Modified

Published: 2008-01-18T23:00:00.000

Modified: 2018-10-15T21:59:08.390

Link: CVE-2008-0366

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-01-17T00:00:00", "descriptions": [{"lang": "en", "value": "CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://force.coresecurity.com/index.php?module=articles&func=display&aid=32"}, {"name": "27341", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27341"}, {"name": "20080117 CORE-2007-1119: CORE FORCE Kernel Buffer Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/486513/100/0/threaded"}, {"name": "ADV-2008-0242", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0242"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.coresecurity.com/?action=item&id=2025"}, {"name": "3555", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3555"}, {"name": "1019245", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019245"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0366", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://force.coresecurity.com/index.php?module=articles&func=display&aid=32", "refsource": "CONFIRM", "url": "http://force.coresecurity.com/index.php?module=articles&func=display&aid=32"}, {"name": "27341", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27341"}, {"name": "20080117 CORE-2007-1119: CORE FORCE Kernel Buffer Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/486513/100/0/threaded"}, {"name": "ADV-2008-0242", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0242"}, {"name": "http://www.coresecurity.com/?action=item&id=2025", "refsource": "CONFIRM", "url": "http://www.coresecurity.com/?action=item&id=2025"}, {"name": "3555", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3555"}, {"name": "1019245", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019245"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0366", "datePublished": "2008-01-18T22:00:00", "dateReserved": "2008-01-18T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:core_security_technologies:core_force:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5E443EA-4C09-40DD-A018-AAA25CC011E0", "versionEndIncluding": "0.95.167", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments."}, {"lang": "es", "value": "CORE FORCE versiones anteriores a 0.95.172 no valida apropiadamente argumentos en funciones del gestor de enganche (hook) SSDT en el m\u00f3dulo Registry, lo cual permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda de sistema) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n en contexto n\u00facleo mediante argumentos manipulados."}], "id": "CVE-2008-0366", "lastModified": "2018-10-15T21:59:08.390", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-01-18T23:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://force.coresecurity.com/index.php?module=articles&func=display&aid=32"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3555"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.coresecurity.com/?action=item&id=2025"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/486513/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/27341"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019245"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0242"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}