Lucene search

[email protected]CVE-2008-0871

HistoryFeb 21, 2008 - 7:44 p.m.

CVE-2008-0871

2008-02-2119:44:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-0871

now sms

mms gateway

buffer overflow

remote code execution

http service

smpp service

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.888 High

EPSS

Percentile

98.7%

JSON

Multiple stack-based buffer overflows in Now SMS/MMS Gateway 2007.06.27 and earlier allow remote attackers to execute arbitrary code via a (1) long password in an Authorization header to the HTTP service or a (2) large packet to the SMPP service.

Affected configurations

NVD

Node

nowsms_mms_gatewayRange≤2007.06.27

CPENameOperatorVersion
now:sms_mms_gatewaynow sms mms gatewayle2007.06.27

CPE	Name	Operator	Version
now:sms_mms_gateway	now sms mms gateway	le	2007.06.27

References

aluigi.altervista.org/adv/nowsmsz-adv.txt

secunia.com/advisories/29003

www.securityfocus.com/archive/1/488365/100/100/threaded

www.securityfocus.com/bid/27896

www.vupen.com/english/advisories/2008/0615

www.exploit-db.com/exploits/5695

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.888 High

EPSS

Percentile

98.7%

JSON

Related for CVE-2008-0871

nessus1 cvelist1 prion1 nvd1 seebug1 packetstorm1