CVE-2008-1944 - Vulnerability Details - OpenCVE

Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via "bogus screen updates," related to missing validation of the "format of messages."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Desktop Enterprise Linux Virtualization Server
Xensource	Xen

Configuration 1 [-]

AND

OR	cpe:2.3:o:redhat:desktop:5:::::::*
	cpe:2.3:o:redhat:enterprise_linux:5.0::client:::::
	cpe:2.3:o:redhat:enterprise_linux:5.0::server:::::
	cpe:2.3:o:redhat:virtualization_server:5:::::::*

OR	cpe:2.3:a:xensource:xen:3.0:::::::*
	cpe:2.3:a:xensource:xen:3.0.3:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
xen-0:3.0.3-41.el5_1.5	cpe:/o:redhat:enterprise_linux:5	RHSA-2008:0194	2008-05-13T00:00:00Z

References

Link	Providers
http://secunia.com/advisories/29963
http://www.redhat.com/support/errata/RHSA-2008-0194.html
http://www.securityfocus.com/bid/29186
http://www.securitytracker.com/id?1020009
https://bugzilla.redhat.com/show_bug.cgi?id=443390
https://exchange.xforce.ibmcloud.com/vulnerabilities/42388
https://nvd.nist.gov/vuln/detail/CVE-2008-1944
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10868
https://www.cve.org/CVERecord?id=CVE-2008-1944

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2008-05-14T18:00:00

Updated: 2024-08-07T08:41:00.398Z

Reserved: 2008-04-24T00:00:00

Link: CVE-2008-1944

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-05-14T18:20:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-1944

Redhat

Severity : Important

Publid Date: 2008-05-13T00:00:00Z

Links: CVE-2008-1944 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-05-13T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via \"bogus screen updates,\" related to missing validation of the \"format of messages.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2008:0194", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0194.html"}, {"name": "1020009", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020009"}, {"name": "xen-pvfb-message-dos(42388)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42388"}, {"name": "29963", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29963"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=443390"}, {"name": "oval:org.mitre.oval:def:10868", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10868"}, {"name": "29186", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29186"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:41:00.398Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2008:0194", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0194.html"}, {"name": "1020009", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1020009"}, {"name": "xen-pvfb-message-dos(42388)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42388"}, {"name": "29963", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29963"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=443390"}, {"name": "oval:org.mitre.oval:def:10868", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10868"}, {"name": "29186", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29186"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-1944", "datePublished": "2008-05-14T18:00:00", "dateReserved": "2008-04-24T00:00:00", "dateUpdated": "2024-08-07T08:41:00.398Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:desktop:5:*:*:*:*:*:*:*", "matchCriteriaId": "6C49CDB8-DC34-4791-B3B0-C1EAF0638B04", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:client:*:*:*:*:*", "matchCriteriaId": "3AA8F2EC-55E9-4529-A816-B5D495605F6B", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*", "matchCriteriaId": "40D71CBC-D365-4710-BAB5-8A1159F35E41", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:virtualization_server:5:*:*:*:*:*:*:*", "matchCriteriaId": "6D84BCA5-7642-4638-98D9-482473FFCB14", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:xensource:xen:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6E5532C-4937-47C9-88DB-724106627030", "vulnerable": true}, {"criteria": "cpe:2.3:a:xensource:xen:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3A90622F-17E0-4BE4-87A8-97135CC83141", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via \"bogus screen updates,\" related to missing validation of the \"format of messages.\""}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en el backend del b\u00fafer de XenSource Xen Para-Virtualized Framebuffer (PVFB) Message versiones 3.0 hasta 3.0.3, permite a usuarios locales causar una denegaci\u00f3n de servicio (bloqueo de SDL) y posiblemente ejecutar c\u00f3digo arbitrario por medio de \"bogus screen updates,\" relacionadas con la falta de comprobaci\u00f3n del \"format of messages.\""}], "evaluatorImpact": "https://bugzilla.redhat.com/show_bug.cgi?id=443078\r\n\"The PVFB backend is a user space program running as root in dom0\"", "id": "CVE-2008-1944", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-05-14T18:20:00.000", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29963"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0194.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/29186"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1020009"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=443390"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42388"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10868"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29963"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0194.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29186"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020009"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=443390"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42388"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10868"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}