Vulnerabilities > CVE-2008-3910 - Numeric Errors vulnerability in HSC Dns2Tcp
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
dns2tcp before 0.4.1 does not properly handle negative values in a certain length field in the input argument to the (1) dns_simple_decode or (2) dns_decode function, which allows remote attackers to overwrite a buffer and have unspecified other impact.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 31080 CVE ID:CVE-2008-3910 CNCVE ID:CNCVE-20083910 Dns2tcp是一款允许在DNS报文中封装TCP会话的工具。 Dns2tcp存在多个缓冲区溢出,远程攻击者可以利用漏洞以应用程序权限执行任意任意指令。 目前没有详细漏洞细节提供。 Herve Schauer Consultants (HSC) Dns2tcp 0.4 升级到最新版本: Herve Schauer Consultants (HSC) Dns2tcp 0.4 Herve Schauer Consultants (HSC) dns2tcp-0.4.1.tar.gz <a href=http://www.hsc.fr/ressources/outils/dns2tcp/download/dns2tcp-0.4.1.tar.gz target=_blank>http://www.hsc.fr/ressources/outils/dns2tcp/download/dns2tcp-0.4.1.tar.gz</a> |
| id | SSV:4025 |
| last seen | 2017-11-19 |
| modified | 2008-09-11 |
| published | 2008-09-11 |
| reporter | Root |
| title | Dns2tcp远程缓冲区溢出漏洞 |
References
- http://www.hsc.fr/ressources/outils/dns2tcp/index.html.en
- http://www.hsc.fr/ressources/outils/dns2tcp/index.html.en
- http://www.openwall.com/lists/oss-security/2008/09/03/5
- http://www.openwall.com/lists/oss-security/2008/09/03/5
- http://www.securityfocus.com/bid/31080
- http://www.securityfocus.com/bid/31080
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44974
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44974