Lucene search

MitreCVE-2008-1056

HistoryFeb 28, 2008 - 7:44 p.m.

CVE-2008-1056

2008-02-2819:44:00

CWE-119

mitre

web.nvd.nist.gov

cve-2008-1056

symark powerbroker

buffer overflow

privilege escalation

security vulnerability

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

High

EPSS

Percentile

5.1%

JSON

Multiple stack-based buffer overflows in Symark PowerBroker 2.8 through 5.0.1 allow local users to gain privileges via a long argv[0] string when executing (1) pbrun, (2) pbsh, or (3) pbksh. NOTE: the product is often installed in environments with trust relationships that facilitate subsequent remote compromises.

Affected configurations

Nvd

Node

symarkpowerbrokerMatch2.8

symarkpowerbrokerMatch3.0

symarkpowerbrokerMatch3.2

symarkpowerbrokerMatch3.5

symarkpowerbrokerMatch4.0

symarkpowerbrokerMatch5.0

symarkpowerbrokerMatch5.01

VendorProductVersionCPE
symarkpowerbroker2.8cpe:2.3:a:symark:powerbroker:2.8:*:*:*:*:*:*:*
symarkpowerbroker3.0cpe:2.3:a:symark:powerbroker:3.0:*:*:*:*:*:*:*
symarkpowerbroker3.2cpe:2.3:a:symark:powerbroker:3.2:*:*:*:*:*:*:*
symarkpowerbroker3.5cpe:2.3:a:symark:powerbroker:3.5:*:*:*:*:*:*:*
symarkpowerbroker4.0cpe:2.3:a:symark:powerbroker:4.0:*:*:*:*:*:*:*
symarkpowerbroker5.0cpe:2.3:a:symark:powerbroker:5.0:*:*:*:*:*:*:*
symarkpowerbroker5.01cpe:2.3:a:symark:powerbroker:5.01:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
symark	powerbroker	2.8	cpe:2.3:a:symark:powerbroker:2.8:::::::*
symark	powerbroker	3.0	cpe:2.3:a:symark:powerbroker:3.0:::::::*
symark	powerbroker	3.2	cpe:2.3:a:symark:powerbroker:3.2:::::::*
symark	powerbroker	3.5	cpe:2.3:a:symark:powerbroker:3.5:::::::*
symark	powerbroker	4.0	cpe:2.3:a:symark:powerbroker:4.0:::::::*
symark	powerbroker	5.0	cpe:2.3:a:symark:powerbroker:5.0:::::::*
symark	powerbroker	5.01	cpe:2.3:a:symark:powerbroker:5.01:::::::*

References

secunia.com/advisories/29111

www.mnin.org/advisories/2008_symarkpb.pdf

www.securityfocus.com/bid/28015

www.symark.com/support/PBFeb2008Announcement.html

exchange.xforce.ibmcloud.com/vulnerabilities/40872

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2008-1056