CVE-2008-1320 - OpenCVE

Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (crash) via (1) a long request to FxIAList on TCP port 6162, or (2) an SNMP request with a long community string to FxAgent on UDP port 6161.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Asg	Asg-sentry

Configuration 1 [-]

cpe:2.3:a:asg:asg-sentry:*:*:*:*:*:*:*:*

References

Link	Resource
http://aluigi.altervista.org/adv/asgulo-adv.txt	Exploit
http://secunia.com/advisories/29289	Vendor Advisory
http://securityreason.com/securityalert/3737
http://www.securityfocus.com/archive/1/489359/100/0/threaded
http://www.securityfocus.com/bid/28188
http://www.vupen.com/english/advisories/2008/0839/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41082
https://exchange.xforce.ibmcloud.com/vulnerabilities/41086
https://www.exploit-db.com/exploits/5229

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-13T14:00:00

Updated: 2018-10-11T19:57:01

Reserved: 2008-03-13T00:00:00

Link: CVE-2008-1320

JSON object: View

NVD Information

Status : Modified

Published: 2008-03-13T14:44:00.000

Modified: 2018-10-11T20:31:43.450

Link: CVE-2008-1320

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-10T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (crash) via (1) a long request to FxIAList on TCP port 6162, or (2) an SNMP request with a long community string to FxAgent on UDP port 6161."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "28188", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28188"}, {"name": "ADV-2008-0839", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0839/references"}, {"name": "3737", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3737"}, {"name": "asgsentry-fxagent-bo(41082)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41082"}, {"name": "29289", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29289"}, {"name": "20080310 Multiple vulnerabilities in ASG-Sentry 7.0.0", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/489359/100/0/threaded"}, {"name": "5229", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/5229"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.altervista.org/adv/asgulo-adv.txt"}, {"name": "asgsentry-fxialist-bo(41086)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41086"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1320", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (crash) via (1) a long request to FxIAList on TCP port 6162, or (2) an SNMP request with a long community string to FxAgent on UDP port 6161."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "28188", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28188"}, {"name": "ADV-2008-0839", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0839/references"}, {"name": "3737", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3737"}, {"name": "asgsentry-fxagent-bo(41082)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41082"}, {"name": "29289", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29289"}, {"name": "20080310 Multiple vulnerabilities in ASG-Sentry 7.0.0", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489359/100/0/threaded"}, {"name": "5229", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5229"}, {"name": "http://aluigi.altervista.org/adv/asgulo-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/asgulo-adv.txt"}, {"name": "asgsentry-fxialist-bo(41086)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41086"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1320", "datePublished": "2008-03-13T14:00:00", "dateReserved": "2008-03-13T00:00:00", "dateUpdated": "2018-10-11T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:asg:asg-sentry:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5065286-B6BD-42E8-9246-E5FED510F917", "versionEndIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (crash) via (1) a long request to FxIAList on TCP port 6162, or (2) an SNMP request with a long community string to FxAgent on UDP port 6161."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en ASG-Sentry Network Manager versi\u00f3n 7.0.0 y anteriores permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (fallo) mediante (1) una petici\u00f3n especialmente larga a FxIAList en el puerto 6162 TCP o (2) una petici\u00f3n SNMP con una cadena de comunidad especialmente larga a FxAgent en el puerto 6161 UDP."}], "id": "CVE-2008-1320", "lastModified": "2018-10-11T20:31:43.450", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-03-13T14:44:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://aluigi.altervista.org/adv/asgulo-adv.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29289"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3737"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/489359/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28188"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0839/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41082"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41086"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5229"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}