Vulnerability Details CVE-2008-1673
The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.184
EPSS Ranking 94.9%
CVSS Severity
CVSS v2 Score 10.0
References
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=33afb8403f361919aa5c8fe1d0a4f5ddbfbbea3c
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ddb2c43594f22843e9f3153da151deaba1a834c5
- http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.6
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.5
- http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
- http://secunia.com/advisories/30000
- http://secunia.com/advisories/30580
- http://secunia.com/advisories/30644
- http://secunia.com/advisories/30658
- http://secunia.com/advisories/30982
- http://secunia.com/advisories/31107
- http://secunia.com/advisories/31836
- http://secunia.com/advisories/32103
- http://secunia.com/advisories/32104
- http://secunia.com/advisories/32370
- http://secunia.com/advisories/32759
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0189
- http://www.debian.org/security/2008/dsa-1592
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:113
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:174
- http://www.securityfocus.com/archive/1/493300/100/0/threaded
- http://www.securityfocus.com/bid/29589
- http://www.securitytracker.com/id?1020210
- http://www.ubuntu.com/usn/usn-625-1
- http://www.vupen.com/english/advisories/2008/1770
- https://bugzilla.redhat.com/show_bug.cgi?id=443962
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42921
- https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00587.html
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=33afb8403f361919aa5c8fe1d0a4f5ddbfbbea3c
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ddb2c43594f22843e9f3153da151deaba1a834c5
- http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.6
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.5
- http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
- http://secunia.com/advisories/30000
- http://secunia.com/advisories/30580
- http://secunia.com/advisories/30644
- http://secunia.com/advisories/30658
- http://secunia.com/advisories/30982
- http://secunia.com/advisories/31107
- http://secunia.com/advisories/31836
- http://secunia.com/advisories/32103
- http://secunia.com/advisories/32104
- http://secunia.com/advisories/32370
- http://secunia.com/advisories/32759
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0189
- http://www.debian.org/security/2008/dsa-1592
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:113
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:174
- http://www.securityfocus.com/archive/1/493300/100/0/threaded
- http://www.securityfocus.com/bid/29589
- http://www.securitytracker.com/id?1020210
- http://www.ubuntu.com/usn/usn-625-1
- http://www.vupen.com/english/advisories/2008/1770
- https://bugzilla.redhat.com/show_bug.cgi?id=443962
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42921
- https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00587.html
Products affected by CVE-2008-1673
-
cpe:2.3:o:debian:debian_linux:4.0
-
cpe:2.3:o:linux:linux_kernel:2.4.0
-
cpe:2.3:o:linux:linux_kernel:2.4.1
-
cpe:2.3:o:linux:linux_kernel:2.4.10
-
cpe:2.3:o:linux:linux_kernel:2.4.11
-
cpe:2.3:o:linux:linux_kernel:2.4.12
-
cpe:2.3:o:linux:linux_kernel:2.4.13
-
cpe:2.3:o:linux:linux_kernel:2.4.14
-
cpe:2.3:o:linux:linux_kernel:2.4.15
-
cpe:2.3:o:linux:linux_kernel:2.4.16
-
cpe:2.3:o:linux:linux_kernel:2.4.17
-
cpe:2.3:o:linux:linux_kernel:2.4.18
-
cpe:2.3:o:linux:linux_kernel:2.4.19
-
cpe:2.3:o:linux:linux_kernel:2.4.2
-
cpe:2.3:o:linux:linux_kernel:2.4.20
-
cpe:2.3:o:linux:linux_kernel:2.4.21
-
cpe:2.3:o:linux:linux_kernel:2.4.22
-
cpe:2.3:o:linux:linux_kernel:2.4.23
-
cpe:2.3:o:linux:linux_kernel:2.4.23_ow2
-
cpe:2.3:o:linux:linux_kernel:2.4.24
-
cpe:2.3:o:linux:linux_kernel:2.4.24_ow1
-
cpe:2.3:o:linux:linux_kernel:2.4.25
-
cpe:2.3:o:linux:linux_kernel:2.4.26
-
cpe:2.3:o:linux:linux_kernel:2.4.27
-
cpe:2.3:o:linux:linux_kernel:2.4.28
-
cpe:2.3:o:linux:linux_kernel:2.4.29
-
cpe:2.3:o:linux:linux_kernel:2.4.3
-
cpe:2.3:o:linux:linux_kernel:2.4.30
-
cpe:2.3:o:linux:linux_kernel:2.4.31
-
cpe:2.3:o:linux:linux_kernel:2.4.32
-
cpe:2.3:o:linux:linux_kernel:2.4.33
-
cpe:2.3:o:linux:linux_kernel:2.4.33.2
-
cpe:2.3:o:linux:linux_kernel:2.4.33.3
-
cpe:2.3:o:linux:linux_kernel:2.4.33.4
-
cpe:2.3:o:linux:linux_kernel:2.4.33.5
-
cpe:2.3:o:linux:linux_kernel:2.4.34
-
cpe:2.3:o:linux:linux_kernel:2.4.35
-
cpe:2.3:o:linux:linux_kernel:2.4.36
-
cpe:2.3:o:linux:linux_kernel:2.4.36.1
-
cpe:2.3:o:linux:linux_kernel:2.4.36.2
-
cpe:2.3:o:linux:linux_kernel:2.4.36.3
-
cpe:2.3:o:linux:linux_kernel:2.4.36.4
-
cpe:2.3:o:linux:linux_kernel:2.4.36.5
-
cpe:2.3:o:linux:linux_kernel:2.4.4
-
cpe:2.3:o:linux:linux_kernel:2.4.5
-
cpe:2.3:o:linux:linux_kernel:2.4.6
-
cpe:2.3:o:linux:linux_kernel:2.4.7
-
cpe:2.3:o:linux:linux_kernel:2.4.8
-
cpe:2.3:o:linux:linux_kernel:2.4.9
-
cpe:2.3:o:linux:linux_kernel:2.6.0
-
cpe:2.3:o:linux:linux_kernel:2.6.1
-
cpe:2.3:o:linux:linux_kernel:2.6.10
-
cpe:2.3:o:linux:linux_kernel:2.6.11
-
cpe:2.3:o:linux:linux_kernel:2.6.11.11
-
cpe:2.3:o:linux:linux_kernel:2.6.11.12
-
cpe:2.3:o:linux:linux_kernel:2.6.11.4
-
cpe:2.3:o:linux:linux_kernel:2.6.11.5
-
cpe:2.3:o:linux:linux_kernel:2.6.11.6
-
cpe:2.3:o:linux:linux_kernel:2.6.11.7
-
cpe:2.3:o:linux:linux_kernel:2.6.11.8
-
cpe:2.3:o:linux:linux_kernel:2.6.12
-
cpe:2.3:o:linux:linux_kernel:2.6.12.1
-
cpe:2.3:o:linux:linux_kernel:2.6.12.12
-
cpe:2.3:o:linux:linux_kernel:2.6.12.2
-
cpe:2.3:o:linux:linux_kernel:2.6.12.22
-
cpe:2.3:o:linux:linux_kernel:2.6.12.3
-
cpe:2.3:o:linux:linux_kernel:2.6.12.4
-
cpe:2.3:o:linux:linux_kernel:2.6.12.5
-
cpe:2.3:o:linux:linux_kernel:2.6.12.6
-
cpe:2.3:o:linux:linux_kernel:2.6.13
-
cpe:2.3:o:linux:linux_kernel:2.6.13.1
-
cpe:2.3:o:linux:linux_kernel:2.6.13.2
-
cpe:2.3:o:linux:linux_kernel:2.6.13.3
-
cpe:2.3:o:linux:linux_kernel:2.6.13.4
-
cpe:2.3:o:linux:linux_kernel:2.6.14
-
cpe:2.3:o:linux:linux_kernel:2.6.14.1
-
cpe:2.3:o:linux:linux_kernel:2.6.14.2
-
cpe:2.3:o:linux:linux_kernel:2.6.14.3
-
cpe:2.3:o:linux:linux_kernel:2.6.14.4
-
cpe:2.3:o:linux:linux_kernel:2.6.14.5
-
cpe:2.3:o:linux:linux_kernel:2.6.15
-
cpe:2.3:o:linux:linux_kernel:2.6.15.1
-
cpe:2.3:o:linux:linux_kernel:2.6.15.11
-
cpe:2.3:o:linux:linux_kernel:2.6.15.2
-
cpe:2.3:o:linux:linux_kernel:2.6.15.3
-
cpe:2.3:o:linux:linux_kernel:2.6.15.4
-
cpe:2.3:o:linux:linux_kernel:2.6.15.5
-
cpe:2.3:o:linux:linux_kernel:2.6.16
-
cpe:2.3:o:linux:linux_kernel:2.6.16.1
-
cpe:2.3:o:linux:linux_kernel:2.6.16.11
-
cpe:2.3:o:linux:linux_kernel:2.6.16.12
-
cpe:2.3:o:linux:linux_kernel:2.6.16.13
-
cpe:2.3:o:linux:linux_kernel:2.6.16.19
-
cpe:2.3:o:linux:linux_kernel:2.6.16.23
-
cpe:2.3:o:linux:linux_kernel:2.6.16.27
-
cpe:2.3:o:linux:linux_kernel:2.6.16.7
-
cpe:2.3:o:linux:linux_kernel:2.6.16.9
-
cpe:2.3:o:linux:linux_kernel:2.6.17
-
cpe:2.3:o:linux:linux_kernel:2.6.17.1
-
cpe:2.3:o:linux:linux_kernel:2.6.17.10
-
cpe:2.3:o:linux:linux_kernel:2.6.17.11
-
cpe:2.3:o:linux:linux_kernel:2.6.17.12
-
cpe:2.3:o:linux:linux_kernel:2.6.17.13
-
cpe:2.3:o:linux:linux_kernel:2.6.17.14
-
cpe:2.3:o:linux:linux_kernel:2.6.17.2
-
cpe:2.3:o:linux:linux_kernel:2.6.17.3
-
cpe:2.3:o:linux:linux_kernel:2.6.17.5
-
cpe:2.3:o:linux:linux_kernel:2.6.17.6
-
cpe:2.3:o:linux:linux_kernel:2.6.17.7
-
cpe:2.3:o:linux:linux_kernel:2.6.17.8
-
cpe:2.3:o:linux:linux_kernel:2.6.18
-
cpe:2.3:o:linux:linux_kernel:2.6.18.1
-
cpe:2.3:o:linux:linux_kernel:2.6.18.3
-
cpe:2.3:o:linux:linux_kernel:2.6.18.4
-
cpe:2.3:o:linux:linux_kernel:2.6.19
-
cpe:2.3:o:linux:linux_kernel:2.6.19.1
-
cpe:2.3:o:linux:linux_kernel:2.6.19.2
-
cpe:2.3:o:linux:linux_kernel:2.6.2
-
cpe:2.3:o:linux:linux_kernel:2.6.20
-
cpe:2.3:o:linux:linux_kernel:2.6.20.1
-
cpe:2.3:o:linux:linux_kernel:2.6.20.11
-
cpe:2.3:o:linux:linux_kernel:2.6.20.13
-
cpe:2.3:o:linux:linux_kernel:2.6.20.15
-
cpe:2.3:o:linux:linux_kernel:2.6.20.2
-
cpe:2.3:o:linux:linux_kernel:2.6.20.3
-
cpe:2.3:o:linux:linux_kernel:2.6.20.4
-
cpe:2.3:o:linux:linux_kernel:2.6.20.5
-
cpe:2.3:o:linux:linux_kernel:2.6.20.8
-
cpe:2.3:o:linux:linux_kernel:2.6.20.9
-
cpe:2.3:o:linux:linux_kernel:2.6.21
-
cpe:2.3:o:linux:linux_kernel:2.6.21.1
-
cpe:2.3:o:linux:linux_kernel:2.6.21.2
-
cpe:2.3:o:linux:linux_kernel:2.6.21.6
-
cpe:2.3:o:linux:linux_kernel:2.6.21.7
-
cpe:2.3:o:linux:linux_kernel:2.6.22
-
cpe:2.3:o:linux:linux_kernel:2.6.22.1
-
cpe:2.3:o:linux:linux_kernel:2.6.22.11
-
cpe:2.3:o:linux:linux_kernel:2.6.22.12
-
cpe:2.3:o:linux:linux_kernel:2.6.22.13
-
cpe:2.3:o:linux:linux_kernel:2.6.22.14
-
cpe:2.3:o:linux:linux_kernel:2.6.22.15
-
cpe:2.3:o:linux:linux_kernel:2.6.22.16
-
cpe:2.3:o:linux:linux_kernel:2.6.22.17
-
cpe:2.3:o:linux:linux_kernel:2.6.22.3
-
cpe:2.3:o:linux:linux_kernel:2.6.22.4
-
cpe:2.3:o:linux:linux_kernel:2.6.22.5
-
cpe:2.3:o:linux:linux_kernel:2.6.22.6
-
cpe:2.3:o:linux:linux_kernel:2.6.22.7
-
cpe:2.3:o:linux:linux_kernel:2.6.22.8
-
cpe:2.3:o:linux:linux_kernel:2.6.22_rc1
-
cpe:2.3:o:linux:linux_kernel:2.6.22_rc7
-
cpe:2.3:o:linux:linux_kernel:2.6.23
-
cpe:2.3:o:linux:linux_kernel:2.6.23.1
-
cpe:2.3:o:linux:linux_kernel:2.6.23.10
-
cpe:2.3:o:linux:linux_kernel:2.6.23.14
-
cpe:2.3:o:linux:linux_kernel:2.6.23.2
-
cpe:2.3:o:linux:linux_kernel:2.6.23.3
-
cpe:2.3:o:linux:linux_kernel:2.6.23.4
-
cpe:2.3:o:linux:linux_kernel:2.6.23.5
-
cpe:2.3:o:linux:linux_kernel:2.6.23.6
-
cpe:2.3:o:linux:linux_kernel:2.6.23.7
-
cpe:2.3:o:linux:linux_kernel:2.6.23.9
-
cpe:2.3:o:linux:linux_kernel:2.6.24
-
cpe:2.3:o:linux:linux_kernel:2.6.24.1
-
cpe:2.3:o:linux:linux_kernel:2.6.24.2
-
cpe:2.3:o:linux:linux_kernel:2.6.24.6
-
cpe:2.3:o:linux:linux_kernel:2.6.24_rc1
-
cpe:2.3:o:linux:linux_kernel:2.6.25
-
cpe:2.3:o:linux:linux_kernel:2.6.25.1
-
cpe:2.3:o:linux:linux_kernel:2.6.25.2
-
cpe:2.3:o:linux:linux_kernel:2.6.25.3
-
cpe:2.3:o:linux:linux_kernel:2.6.25.4
-
cpe:2.3:o:linux:linux_kernel:2.6_test9_cvs