Lucene search

SAINT CorporationSAINT:E5D556055B83B47680A4EB44AC25D2AA

HistoryApr 25, 2008 - 12:00 a.m.

Borland StarTeam Multicast Service parse_request buffer overflow

2008-04-2500:00:00

SAINT Corporation

download.saintcorporation.com

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.751 High

EPSS

Percentile

98.2%

JSON

Added: 04/25/2008
CVE: CVE-2008-0311
BID: 28602
OSVDB: 44039

Background

Borland StarTeam is a software change and configuration management system.

Problem

A buffer overflow vulnerability in the **PGMWebHandler::parse_request** function in the StarTeam Multicast Service allows remote attackers to execute arbitrary commands by sending a large HTTP request.

Resolution

Disable the Multicast Service monitoring port.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=675>

Limitations

Exploit works on Borland StarTeam 2005.

Platforms

Windows 2000
Windows Server 2003

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.751 High

EPSS

Percentile

98.2%

JSON

Related for SAINT:E5D556055B83B47680A4EB44AC25D2AA