Lucene search

[email protected]CVE-2008-1136

HistoryMar 04, 2008 - 7:44 p.m.

CVE-2008-1136

2008-03-0419:44:00

CWE-94

CWE-20

[email protected]

web.nvd.nist.gov

cve-2008-1136

synce

vdccm

remote code execution

shell metacharacters

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

91.0%

JSON

The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679.

Affected configurations

NVD

Node

syncesynceMatch0.10.0

syncesynceMatch0.92

CPENameOperatorVersion
synce:syncesynceeq0.10.0
synce:syncesynceeq0.92

CPE	Name	Operator	Version
synce:synce	synce	eq	0.10.0
synce:synce	synce	eq	0.92

References

secunia.com/advisories/29228

secunia.com/advisories/29285

securityreason.com/securityalert/3710

sourceforge.net/forum/forum.php?forum_id=766440

www.coresecurity.com/?action=item&id=2070

www.securityfocus.com/archive/1/485884/100/0/threaded

www.securityfocus.com/bid/27178

www.securityfocus.com/bid/28141

exchange.xforce.ibmcloud.com/vulnerabilities/39506

www.redhat.com/archives/fedora-package-announce/2008-March/msg00131.html

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

91.0%

JSON

Related for CVE-2008-1136

cvelist1 prion1 nvd1 redhatcve1 openvas24 nessus1 fedora12