| Vulnerability Name: | CVE-2008-1440 (CCN-42695) | ||||||||
| Assigned: | 2008-06-10 | ||||||||
| Published: | 2008-06-10 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability." | ||||||||
| CVSS v3 Severity: | 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
| ||||||||
| CVSS v2 Severity: | 7.1 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C) 5.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-20 | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-1440 Source: CCN Type: HP Security Bulletin HPSBST02344 SSRT080087 rev.1 Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-030 to MS08-036 Source: CCN Type: SA30587 Microsoft Windows Pragmatic General Multicast Denial of Service Source: SECUNIA Type: Permissions Required, Vendor Advisory 30587 Source: CCN Type: SECTRACK ID: 1020230 Windows Bug in Processing Pragmatic General Multicast Packets with an Invalid Option Length Lets Remote Users Deny Service Source: SECTRACK Type: Third Party Advisory, VDB Entry 1020230 Source: CCN Type: ASA-2008-237 MS08-036 Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762) Source: CCN Type: NORTEL BULLETIN ID: 2008008891, Rev 1 Centrex IP Client Manager (CICM) response to Microsoft June security bulletin Source: CCN Type: Microsoft Security Bulletin MS08-036 Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762) Source: BID Type: Patch 29508 Source: CCN Type: BID-29508 Microsoft Windows PGM Invalid Length Remote Denial Of Service Vulnerability Source: CERT Type: Third Party Advisory, US Government Resource TA08-162B Source: VUPEN Type: Broken Link ADV-2008-1783 Source: MS Type: UNKNOWN MS08-036 Source: XF Type: UNKNOWN win-pgm-option-length-dos(42695) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:5473 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||