Search...

CVE-2008-7164

2009-09-04T06:30:01

ID CVE-2008-7164
Type cve
Reporter NVD
Modified 2017-08-16T21:29:51

Description

Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have unknown impact and attack vectors related to "very important security fixes," possibly involving update notifications and a domain that is no longer controlled by the vendor.

JSON Vulners Source

Initial Source

{"id": "CVE-2008-7164", "bulletinFamily": "NVD", "title": "CVE-2008-7164", "description": "Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have unknown impact and attack vectors related to \"very important security fixes,\" possibly involving update notifications and a domain that is no longer controlled by the vendor.", "published": "2009-09-04T06:30:01", "modified": "2017-08-16T21:29:51", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7164", "reporter": "NVD", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/39484", "http://sourceforge.net/project/shownotes.php?group_id=110672&release_id=565250", "http://www.securityfocus.com/bid/27171"], "cvelist": ["CVE-2008-7164"], "type": "cve", "lastseen": "2017-08-17T11:14:10", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:ryo-oh-ki:shareaza:2.3.0.0", "cpe:/a:ryo-oh-ki:shareaza:2.2.0.0", "cpe:/a:ryo-oh-ki:shareaza:2.0.0.0", "cpe:/a:ryo-oh-ki:shareaza:2.2.1.0"], "cvelist": ["CVE-2008-7164"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have unknown impact and attack vectors related to \"very important security fixes,\" possibly involving update notifications and a domain that is no longer controlled by the vendor.", "edition": 1, "enchantments": {}, "hash": "2689bb8612ca1c942af6c129cde5914636790d8df66fa40fa06a2b05ac8d6fa8", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "9bf364af2d7d88a3a168b7d4910c98a5", "key": "cpe"}, {"hash": "05fa482e7ebbbbfc316406b55e336e4f", "key": "modified"}, {"hash": "a61537f197df34add711dd10d7b3f808", "key": "published"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "19bf7982098afee645b9d2cf05a68ba0", "key": "references"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "dc70f9b616723b69b4884b26bd1d13c7", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "1cc79eb1892102f72e3059417574aad8", "key": "description"}, {"hash": "397d03deb2b50ba6f24d42ccdcf3d5c2", "key": "title"}, {"hash": "237fd0532a151fbd1ce434ba4ec98ffa", "key": "cvelist"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7164", "id": "CVE-2008-7164", "lastseen": "2016-09-03T11:54:01", "modified": "2009-09-04T00:00:00", "objectVersion": "1.2", "published": "2009-09-04T06:30:01", "references": ["http://sourceforge.net/project/shownotes.php?group_id=110672&release_id=565250", "http://xforce.iss.net/xforce/xfdb/39484", "http://www.securityfocus.com/bid/27171"], "reporter": "NVD", "scanner": [], "title": "CVE-2008-7164", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T11:54:01"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "9bf364af2d7d88a3a168b7d4910c98a5"}, {"key": "cvelist", "hash": "237fd0532a151fbd1ce434ba4ec98ffa"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "1cc79eb1892102f72e3059417574aad8"}, {"key": "href", "hash": "dc70f9b616723b69b4884b26bd1d13c7"}, {"key": "modified", "hash": "e504ffe74b6294329dcab289c08f9d1c"}, {"key": "published", "hash": "a61537f197df34add711dd10d7b3f808"}, {"key": "references", "hash": "39108b3bb63976fd663ac1baf3b157a0"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "397d03deb2b50ba6f24d42ccdcf3d5c2"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "9ff6da707edb20dfdf0edb88629849886da6f2b72f8111e3f5b0a2aab7b5b102", "viewCount": 0, "enchantments": {"score": {"value": 10.0, "vector": "NONE", "modified": "2017-08-17T11:14:10"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:800604", "OPENVAS:1361412562310800604"]}], "modified": "2017-08-17T11:14:10"}, "vulnersScore": 10.0}, "objectVersion": "1.3", "cpe": ["cpe:/a:ryo-oh-ki:shareaza:2.3.0.0", "cpe:/a:ryo-oh-ki:shareaza:2.2.0.0", "cpe:/a:ryo-oh-ki:shareaza:2.0.0.0", "cpe:/a:ryo-oh-ki:shareaza:2.2.1.0"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"openvas": [{"lastseen": "2017-07-02T21:14:05", "bulletinFamily": "scanner", "description": "This host has Shareaza installed and is prone Update Notification\n Spoofing vulnerabilities.", "modified": "2016-12-29T00:00:00", "published": "2009-09-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=800604", "id": "OPENVAS:800604", "title": "Shareaza Update Notification Spoofing Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_shareaza_update_notification_spoof_vuln.nasl 4869 2016-12-29 11:01:45Z teissa $\n#\n# Shareaza Update Notification Spoofing Vulnerability\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let the attackers conduct spoofing attacks.\n Impact Level: Application\";\ntag_affected = \"Shareaza version prior to 2.3.1.0\";\ntag_insight = \"The flaw is due to update notifications being handled via the domain\n update.shareaza.com, which is no longer controlled by the vendor. This can\n be exploited to spoof update notifications.\";\ntag_solution = \"Upgrade Shareaza version to 2.3.1.0\n http://shareaza.sourceforge.net/?id=download\";\ntag_summary = \"This host has Shareaza installed and is prone Update Notification\n Spoofing vulnerabilities.\";\n\nif(description)\n{\n script_id(800604);\n script_version(\"$Revision: 4869 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-29 12:01:45 +0100 (Thu, 29 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-11 18:01:06 +0200 (Fri, 11 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-7164\");\n script_bugtraq_id(27171);\n script_name(\"Shareaza Update Notification Spoofing Vulnerability\");\n\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_shareaza_detect.nasl\");\n script_require_ports(\"Services/www\", 6346);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/28302\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/39484\");\n script_xref(name : \"URL\" , value : \"http://sourceforge.net/project/shownotes.php?group_id=110672&release_id=565250\");\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nshareazaPort = get_http_port(default:6346);\n\nif(!shareazaPort){\n exit(0);\n}\n\nshareazaVer = get_kb_item(\"www/\" + shareazaPort + \"/Shareaza\");\n\nif(shareazaVer != NULL)\n{\n # Check for Shareaza versions prior to 2.3.1.0\n if(version_is_less(version:shareazaVer, test_version:\"2.3.1.0\")){\n security_message(shareazaPort);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:06:06", "bulletinFamily": "scanner", "description": "This host has Shareaza installed and is prone Update Notification\n Spoofing vulnerabilities.", "modified": "2018-04-06T00:00:00", "published": "2009-09-11T00:00:00", "id": "OPENVAS:1361412562310800604", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800604", "title": "Shareaza Update Notification Spoofing Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_shareaza_update_notification_spoof_vuln.nasl 9350 2018-04-06 07:03:33Z cfischer $\n#\n# Shareaza Update Notification Spoofing Vulnerability\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let the attackers conduct spoofing attacks.\n Impact Level: Application\";\ntag_affected = \"Shareaza version prior to 2.3.1.0\";\ntag_insight = \"The flaw is due to update notifications being handled via the domain\n update.shareaza.com, which is no longer controlled by the vendor. This can\n be exploited to spoof update notifications.\";\ntag_solution = \"Upgrade Shareaza version to 2.3.1.0\n http://shareaza.sourceforge.net/?id=download\";\ntag_summary = \"This host has Shareaza installed and is prone Update Notification\n Spoofing vulnerabilities.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800604\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-11 18:01:06 +0200 (Fri, 11 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-7164\");\n script_bugtraq_id(27171);\n script_name(\"Shareaza Update Notification Spoofing Vulnerability\");\n\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_shareaza_detect.nasl\");\n script_require_ports(\"Services/www\", 6346);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/28302\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/39484\");\n script_xref(name : \"URL\" , value : \"http://sourceforge.net/project/shownotes.php?group_id=110672&release_id=565250\");\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nshareazaPort = get_http_port(default:6346);\n\nif(!shareazaPort){\n exit(0);\n}\n\nshareazaVer = get_kb_item(\"www/\" + shareazaPort + \"/Shareaza\");\n\nif(shareazaVer != NULL)\n{\n # Check for Shareaza versions prior to 2.3.1.0\n if(version_is_less(version:shareazaVer, test_version:\"2.3.1.0\")){\n security_message(shareazaPort);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}