CVE-2008-1440 - Improper Validation of Specified Quantity in Input vulnerability in Microsoft Windows Server 2003 and Windows XP
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, do not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 4 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS08-036.NASL |
description | The remote version of Windows is affected by a vulnerability in the Pragmatic General Multicast protocol installed with the MSMQ service. An attacker may exploit this flaw to crash the remote host remotely. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 33137 |
published | 2008-06-10 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/33137 |
title | MS08-036: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762) |
Oval
accepted | 2011-11-14T04:00:33.195-05:00 |
class | vulnerability |
description | Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, do not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability." |
family | windows |
id | oval:org.mitre.oval:def:5473 |
status | accepted |
submitted | 2008-06-10T16:00:00 |
title | PGM Invalid Length Vulnerability |
version | 42 |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 29508, 29509. CVE(CAN) ID: CVE-2008-1440, CVE-2008-1441. Microsoft Windows is a very popular operating system released by Microsoft. The Pragmatic General Multicast (PGM) protocol implementation in Windows contains multiple denial-of-service vulnerabilities: if a remote attacker sends a PGM packet with an invalid length, or a malformed PGM fragment, the system may stop responding. Microsoft Windows XP SP3, Microsoft Windows XP SP2, Microsoft Windows Vista SP1, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows Server 2003 SP2, Microsoft Windows Server 2003 SP1. Vendor patch: Microsoft has released a security bulletin (MS08-036) and corresponding patches for this issue: MS08-036: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762). Link: http://www.microsoft.com/technet/security/bulletin/MS08-036.mspx?pf=true |
id | SSV:3415 |
last seen | 2017-11-19 |
modified | 2008-06-14 |
published | 2008-06-14 |
reporter | Root |
title | Microsoft Windows PGM Packet Multiple Denial of Service Vulnerabilities (MS08-036) |
References
- http://www.us-cert.gov/cas/techalerts/TA08-162B.html
- http://www.securityfocus.com/bid/29508
- http://securitytracker.com/id?1020230
- http://secunia.com/advisories/30587
- http://www.vupen.com/english/advisories/2008/1783
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5473
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-036