CVE-2008-2719 - Numeric Errors vulnerability in Nasm Netwide Assembler 2.02
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | NASM 2.0 'ppscan()' Off-By-One Buffer Overflow Vulnerability. CVE-2008-2719. Remote exploit for linux platform |
id | EDB-ID:31903 |
last seen | 2016-02-03 |
modified | 2008-06-21 |
published | 2008-06-21 |
reporter | Philipp Thomas |
source | https://www.exploit-db.com/download/31903/ |
title | NASM 2.0 - 'ppscan' Off-By-One Buffer Overflow Vulnerability |
Nessus
NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-648-1.NASL |
description | Philipp Thomas discovered that the ppscan function of nasm contained an off-by-one error. If a user or automated system were tricked into assembling a specially crafted ASM file, a remote attacker could execute arbitrary commands with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 36953 |
published | 2009-04-23 |
reporter | Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/36953 |
title | Ubuntu 8.04 LTS : nasm vulnerability (USN-648-1) |
code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-648-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(36953);
  script_version("1.13");
  script_cvs_date("Date: 2019/08/02 13:33:02");

  script_cve_id("CVE-2008-2719");
  script_xref(name:"USN", value:"648-1");

  script_name(english:"Ubuntu 8.04 LTS : nasm vulnerability (USN-648-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Philipp Thomas discovered that the ppscan function of nasm contained an off-by-one error. If a user or automated system were tricked into assembling a specially crafted ASM file, a remote attacker could execute arbitrary commands with user privileges.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/648-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected nasm package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nasm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/09/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(8\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"8.04", pkgname:"nasm", pkgver:"0.99.06-2ubuntu0.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nasm");
}
```
NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2008-120.NASL |
description | An off-by-one error was found in nasm 2.02 that allowed context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow (CVE-2008-2719). The updated packages have been patched to prevent this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 37637 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/37637 |
title | Mandriva Linux Security Advisory : nasm (MDVSA-2008:120) |
Statements
contributor | Mark J Cox |
lastmodified | 2008-07-04 |
organization | Red Hat |
statement | Not vulnerable. These issues did not affect the versions of NASM as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. |
References
- https://sourceforge.net/tracker/?func=detail&atid=106208&aid=1942146&group_id=6208
- http://www.openwall.com/lists/oss-security/2008/06/11/4
- http://www.openwall.com/lists/oss-security/2008/06/11/5
- http://secunia.com/advisories/30594
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:120
- http://www.securityfocus.com/bid/29656
- https://sourceforge.net/project/shownotes.php?group_id=6208&release_id=606115
- http://www.securitytracker.com/id?1020259
- http://www.ubuntu.com/usn/usn-648-1
- http://secunia.com/advisories/32059
- http://www.vupen.com/english/advisories/2008/1811
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42995
- http://repo.or.cz/w/nasm.git?a=commit%3Bh=76ec8e73db16f4cf1453a142d03bcc74d528f72f