CVE-2008-0768 - OpenCVE

Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Informix Dynamic Server Informix Storage Manager
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:ibm:informix_dynamic_server::::::::
	cpe:2.3:a:ibm:informix_dynamic_server::::::::
	cpe:2.3:a:ibm:informix_storage_manager:-:::::::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/28689	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21294211	Vendor Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=IC55040&apar=only	Vendor Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=IC55041&apar=only	Vendor Advisory
http://www.securityfocus.com/bid/27485	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1019281	Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/0317	Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/40018	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-02-13T21:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-02-13T00:00:00

Link: CVE-2008-0768

JSON object: View

NVD Information

Status : Analyzed

Published: 2008-02-13T22:00:00.000

Modified: 2019-08-01T12:12:54.997

Link: CVE-2008-0768

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-01-28T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2008-0317", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0317"}, {"name": "IC55041", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IC55041&apar=only"}, {"name": "IC55040", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IC55040&apar=only"}, {"name": "27485", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27485"}, {"name": "1019281", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019281"}, {"name": "28689", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28689"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21294211"}, {"name": "ibm-ids-xdr-bo(40018)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40018"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0768", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2008-0317", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0317"}, {"name": "IC55041", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IC55041&apar=only"}, {"name": "IC55040", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IC55040&apar=only"}, {"name": "27485", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27485"}, {"name": "1019281", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019281"}, {"name": "28689", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28689"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21294211", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21294211"}, {"name": "ibm-ids-xdr-bo(40018)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40018"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0768", "datePublished": "2008-02-13T21:00:00", "dateReserved": "2008-02-13T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "53BCF01B-A64E-4161-8E6E-F0BD0FBB3D42", "versionEndIncluding": "10.00.xc8", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "8625CD11-E4A8-484C-9F35-FBCFC0D290A8", "versionEndIncluding": "11.10.xc2", "versionStartIncluding": "11.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:informix_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5838FCA-32C4-4DB3-9B83-5BF40916CBBE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila y en mont\u00edculo en los componentes Windows RPC para IBM Informix Storage Manager (ISM), como se utilizan en Informix Dynamic Server (IDS) 10.00.xC8 y anteriores y 11.10.xC2 y anteriores. Permiten a atacantes ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de peticiones XDR manipuladas."}], "id": "CVE-2008-0768", "lastModified": "2019-08-01T12:12:54.997", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-02-13T22:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/28689"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21294211"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IC55040&apar=only"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IC55041&apar=only"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/27485"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1019281"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2008/0317"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40018"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}