Vulnerability CVE-2008-0308 - CERT Civis.Net

Vulnerability Name:

CVE-2008-0308 (CCN-40870)

Assigned:

2008-02-26

Published:

2008-02-26

Updated:

2011-03-08

Summary:

Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to cause a denial of service (memory consumption) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

7.1 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2008-0308

Source: IDEFENSE
Type: UNKNOWN
20080226 Symantec Scan Engine 5.1.2 RAR File Denial of Service Vulnerability

Source: CCN
Type: SA29140
Symantec Products Symantec Decomposer RAR File Handling Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
29140

Source: CCN
Type: SYM08-006
Symantec Decomposer: Multiple Denial of Service Vulnerabilities

Source: CCN
Type: SECTRACK ID: 1019503
Symantec Anti Virus Decomposer Memory Consumption and Buffer Overflow Bugs Let Remote Users Deny Service

Source: CCN
Type: OSVDB ID: 42331
Symantec Multiple Products Symantec Decomposer RAR File Handling Memory Consumption DoS

Source: BID
Type: UNKNOWN
27911

Source: CCN
Type: BID-27911
Symantec Decomposer Resource Consumption Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1019503

Source: CONFIRM
Type: UNKNOWN
http://www.symantec.com/avcenter/security/Content/2008.02.27.html

Source: VUPEN
Type: UNKNOWN
ADV-2008-0680

Source: XF
Type: UNKNOWN
symantec-decomposer-dos(40870)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 02.26.08
Symantec Scan Engine 5.1.2 RAR File Denial of Service Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/a:symantec:scan_engine:*:*:*:*:*:*:*:* (Version <= 5.1.4.24)

OR cpe:/a:symantec:symantec_antivirus_clearswift:*:*:*:*:*:*:*:* (Version <= 4.3.16.39)

OR cpe:/a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:aix:*:*:*:*:* (Version <= 3.0.12)

OR cpe:/a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:linux:*:*:*:*:* (Version <= 3.0.12)

OR cpe:/a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:solaris:*:*:*:*:* (Version <= 3.0.12)

OR cpe:/a:symantec:symantec_antivirus_messaging:*:*:*:*:*:*:*:* (Version <= 4.3.16.39)

OR cpe:/a:symantec:symantec_antivirus_microsoft_sharepoint:*:*:*:*:*:*:*:* (Version <= 4.3.16.39)

OR cpe:/a:symantec:symantec_antivirus_ms_isa:*:*:*:*:*:*:*:* (Version <= 4.3.16.39)

OR cpe:/a:symantec:symantec_antivirus_network_attached_storage:*:*:*:*:*:*:*:* (Version <= 4.3.16.39)

OR cpe:/a:symantec:symantec_antivirus_scan_engine:*:*:*:*:*:*:*:* (Version <= 4.3.16.39)

OR cpe:/a:symantec:symantec_antivirus_scan_engine_caching:*:*:*:*:*:*:*:* (Version <= 4.3.16.39)

OR cpe:/a:symantec:symantec_mail_security_exchange:*:*:*:*:*:*:*:* (Version <= 4.6.5.12)

OR cpe:/a:symantec:symantec_mail_security_exchange:*:*:*:*:*:*:*:* (Version <= 5.0.4.363)

Configuration CCN 1:

cpe:/a:symantec:scan_engine:5.1.4.24:*:*:*:*:*:*:*

Denotes that component is vulnerable