5

CVE-2008-3680

Exploit
The decryption function in Flagship Industries Ventrilo 3.0.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) by sending a type 0 packet with an invalid version followed by another packet to TCP port 3784.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Flagship IndustriesVentrilo Version1.01
Flagship IndustriesVentrilo Version1.03
Flagship IndustriesVentrilo Version1.04
Flagship IndustriesVentrilo Version1.05
Flagship IndustriesVentrilo Version1.06
Flagship IndustriesVentrilo Version2.1
Flagship IndustriesVentrilo Version2.1.1
Flagship IndustriesVentrilo Version2.1.2
Flagship IndustriesVentrilo Version2.1.3
Flagship IndustriesVentrilo Version2.1.4
Flagship IndustriesVentrilo Version2.2
Flagship IndustriesVentrilo Version2.3
Flagship IndustriesVentrilo Version2.3.2 Updateprototype.6
Flagship IndustriesVentrilo Version2.3.2 Updateprototype.9
Flagship IndustriesVentrilo Version3.0.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.81% 0.949
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://aluigi.altervista.org/adv/ventrilobotomy-adv.txt
http://aluigi.org/poc/ventrilobotomy.zip
Exploit
http://secunia.com/advisories/31466
Vendor Advisory
http://secunia.com/advisories/34696
http://security.gentoo.org/glsa/glsa-200904-13.xml
http://securityreason.com/securityalert/4156
http://www.securityfocus.com/archive/1/495448/100/0/threaded
http://www.securityfocus.com/bid/30675
Exploit
http://www.vupen.com/english/advisories/2008/2365
https://exchange.xforce.ibmcloud.com/vulnerabilities/44428
https://www.exploit-db.com/exploits/6237