Lucene search

[email protected]NVD:CVE-2008-1136

HistoryMar 04, 2008 - 7:44 p.m.

CVE-2008-1136

2008-03-0419:44:00

CWE-20

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.03

Percentile

91.0%

JSON

The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679.

Affected configurations

Nvd

Node

syncesynceMatch0.10.0

syncesynceMatch0.92

VendorProductVersionCPE
syncesynce0.10.0cpe:2.3:a:synce:synce:0.10.0:*:*:*:*:*:*:*
syncesynce0.92cpe:2.3:a:synce:synce:0.92:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
synce	synce	0.10.0	cpe:2.3:a:synce:synce:0.10.0:::::::*
synce	synce	0.92	cpe:2.3:a:synce:synce:0.92:::::::*

References

secunia.com/advisories/29228

secunia.com/advisories/29285

securityreason.com/securityalert/3710

sourceforge.net/forum/forum.php?forum_id=766440

www.coresecurity.com/?action=item&id=2070

www.securityfocus.com/archive/1/485884/100/0/threaded

www.securityfocus.com/bid/27178

www.securityfocus.com/bid/28141

exchange.xforce.ibmcloud.com/vulnerabilities/39506

www.redhat.com/archives/fedora-package-announce/2008-March/msg00131.html

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.03

Percentile

91.0%

JSON

Related for NVD:CVE-2008-1136

cvelist1 cve1 prion1 redhatcve1 exploitdb1 fedora12 openvas24 nessus1