CVE-2008-1118

Sažetak

Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields.

Reference

http://secunia.com/advisories/29316
http://securityreason.com/securityalert/3742
http://www.coresecurity.com/?action=item&id=2166
http://www.securityfocus.com/archive/1/489414/100/0/threaded
http://www.securityfocus.com/bid/28081
https://exchange.xforce.ibmcloud.com/vulnerabilities/41330
https://www.exploit-db.com/exploits/5238

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-10-2018 - 20:29

Objavljeno

14-03-2008 - 20:44