5

CVE-2008-1303

Exploit
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly unspecified other commands, which triggers a NULL pointer dereference.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PerforcePerforce Server Version <= 2007.3_143793
PerforcePerforce Server Version2000.1
PerforcePerforce Server Version2000.2
PerforcePerforce Server Version2001.1
PerforcePerforce Server Version2001.2
PerforcePerforce Server Version2002.1
PerforcePerforce Server Version2002.2
PerforcePerforce Server Version2003.1
PerforcePerforce Server Version2003.2
PerforcePerforce Server Version2004.2
PerforcePerforce Server Version2005.1
PerforcePerforce Server Version2005.2
PerforcePerforce Server Version2006.1
PerforcePerforce Server Version2006.2
PerforcePerforce Server Version2007.2
PerforcePerforce Server Version2007.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.58% 0.938
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://aluigi.altervista.org/adv/perforces-adv.txt
http://aluigi.org/poc/perforces.zip
Exploit
http://secunia.com/advisories/29231
Vendor Advisory
http://securityreason.com/securityalert/3735
http://www.securityfocus.com/archive/1/489179/100/0/threaded
http://www.securityfocus.com/bid/28108
https://exchange.xforce.ibmcloud.com/vulnerabilities/41015