CVE-2008-1338 - Vulnerability Details - OpenCVE

The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Perforce	Perforce Server

Configuration 1 [-]

cpe:2.3:a:perforce:perforce_server:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://aluigi.altervista.org/adv/perforces-adv.txt
http://aluigi.org/poc/perforces.zip
http://secunia.com/advisories/29231
http://securityreason.com/securityalert/3735
http://www.securityfocus.com/archive/1/489179/100/0/threaded
http://www.securityfocus.com/bid/28108
https://exchange.xforce.ibmcloud.com/vulnerabilities/41017
https://exchange.xforce.ibmcloud.com/vulnerabilities/41361

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-14T20:00:00

Updated: 2024-08-07T08:17:34.549Z

Reserved: 2008-03-14T00:00:00

Link: CVE-2008-1338

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-03-14T20:44:00.000

Modified: 2024-11-21T00:44:18.380

Link: CVE-2008-1338

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-05T00:00:00", "descriptions": [{"lang": "en", "value": "The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://aluigi.org/poc/perforces.zip"}, {"name": "28108", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28108"}, {"name": "20080305 Multiple vulnerabilities in Perforce Server 2007.3/143793", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/489179/100/0/threaded"}, {"name": "perforce-server-p4s-dos(41361)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41361"}, {"name": "29231", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29231"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.altervista.org/adv/perforces-adv.txt"}, {"name": "3735", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3735"}, {"name": "perforceserver-serverdifffile-dos(41017)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41017"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1338", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://aluigi.org/poc/perforces.zip", "refsource": "MISC", "url": "http://aluigi.org/poc/perforces.zip"}, {"name": "28108", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28108"}, {"name": "20080305 Multiple vulnerabilities in Perforce Server 2007.3/143793", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489179/100/0/threaded"}, {"name": "perforce-server-p4s-dos(41361)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41361"}, {"name": "29231", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29231"}, {"name": "http://aluigi.altervista.org/adv/perforces-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/perforces-adv.txt"}, {"name": "3735", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3735"}, {"name": "perforceserver-serverdifffile-dos(41017)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41017"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:17:34.549Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.org/poc/perforces.zip"}, {"name": "28108", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28108"}, {"name": "20080305 Multiple vulnerabilities in Perforce Server 2007.3/143793", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/489179/100/0/threaded"}, {"name": "perforce-server-p4s-dos(41361)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41361"}, {"name": "29231", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29231"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.altervista.org/adv/perforces-adv.txt"}, {"name": "3735", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3735"}, {"name": "perforceserver-serverdifffile-dos(41017)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41017"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1338", "datePublished": "2008-03-14T20:00:00", "dateReserved": "2008-03-14T00:00:00", "dateUpdated": "2024-08-07T08:17:34.549Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:perforce:perforce_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "0396CDF3-115D-4BE3-8C83-3D2AEA983422", "versionEndIncluding": "2007.3_143793", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted."}, {"lang": "es", "value": "El servicio Perforce (p4s.exe) de Perforce Server 2007.3/143793 y versiones anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (parada del servicio) mediante la utilizaci\u00f3n de un comando server-DiffFile con un valor entero dentro de cierto rango, causando un bucle de ejecuci\u00f3n hasta que toda la memoria es ocupada."}], "id": "CVE-2008-1338", "lastModified": "2024-11-21T00:44:18.380", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-03-14T20:44:00.000", "references": [{"source": "cve@mitre.org", "url": "http://aluigi.altervista.org/adv/perforces-adv.txt"}, {"source": "cve@mitre.org", "url": "http://aluigi.org/poc/perforces.zip"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29231"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3735"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/489179/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/28108"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41017"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41361"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aluigi.altervista.org/adv/perforces-adv.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aluigi.org/poc/perforces.zip"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29231"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3735"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/489179/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/28108"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41017"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41361"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}