Vulnerabilities > CVE-2008-3910 - Numeric Errors vulnerability in HSC Dns2Tcp

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
hsc
CWE-189
critical

Summary

dns2tcp before 0.4.1 does not properly handle negative values in a certain length field in the input argument to the (1) dns_simple_decode or (2) dns_decode function, which allows remote attackers to overwrite a buffer and have unspecified other impact.

Vulnerable Configurations

Part Description Count
Application
Hsc
1

Common Weakness Enumeration (CWE)

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 31080 CVE ID:CVE-2008-3910 CNCVE ID:CNCVE-20083910 Dns2tcp是一款允许在DNS报文中封装TCP会话的工具。 Dns2tcp存在多个缓冲区溢出,远程攻击者可以利用漏洞以应用程序权限执行任意任意指令。 目前没有详细漏洞细节提供。 Herve Schauer Consultants (HSC) Dns2tcp 0.4 升级到最新版本: Herve Schauer Consultants (HSC) Dns2tcp 0.4 Herve Schauer Consultants (HSC) dns2tcp-0.4.1.tar.gz <a href=http://www.hsc.fr/ressources/outils/dns2tcp/download/dns2tcp-0.4.1.tar.gz target=_blank>http://www.hsc.fr/ressources/outils/dns2tcp/download/dns2tcp-0.4.1.tar.gz</a>
idSSV:4025
last seen2017-11-19
modified2008-09-11
published2008-09-11
reporterRoot
titleDns2tcp远程缓冲区溢出漏洞