Vulnerabilities > CVE-2008-4038 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 17 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS08-063.NASL description The remote host contains a memory corruption vulnerability in the last seen 2020-06-01 modified 2020-06-02 plugin id 34408 published 2008-10-15 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34408 title MS08-063: Microsoft Windows SMB File Name Handling Remote Underflow (957095) NASL family Windows NASL id WIN_SERVER_2008_NTLM_PCI.NASL description According to the version number obtained by NTLM the remote host has Windows Server 2008 installed. The host may be vulnerable to a number of vulnerabilities including remote unauthenticated code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 108811 published 2018-04-03 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108811 title Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)
Oval
| accepted | 2011-11-14T04:00:45.764-05:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| description | Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability." | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:5787 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| submitted | 2008-10-14T13:33:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| title | SMB Buffer Underflow Vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| version | 44 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 31647 CVE(CAN) ID: CVE-2008-4038 Microsoft Windows是微软发布的非常流行的操作系统。 Microsoft服务器消息块(SMB)协议处理特制文件名的方式中存在一个缓冲区下溢漏洞。利用该漏洞要求进行认证,因为只有当共享类型为磁盘时才可访问有漏洞的函数。成功利用此漏洞的攻击者可以安装程序;查看、更改或删除数据;或者创建拥有完全用户权限的新帐户。 Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Vista SP1 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2003 SP2 Microsoft Windows Server 2003 SP1 Microsoft Windows 2000SP4 Microsoft --------- Microsoft已经为此发布了一个安全公告(MS08-063)以及相应补丁: MS08-063:Vulnerability in SMB Could Allow Remote Code Execution (957095) 链接:<a href=http://www.microsoft.com/technet/security/Bulletin/MS08-063.mspx?pf=true target=_blank>http://www.microsoft.com/technet/security/Bulletin/MS08-063.mspx?pf=true</a> |
| id | SSV:4242 |
| last seen | 2017-11-19 |
| modified | 2008-10-15 |
| published | 2008-10-15 |
| reporter | Root |
| title | Microsoft Windows SMB缓冲区下溢漏洞(MS08-063) |
References
- http://www.securitytracker.com/id?1021049
- http://secunia.com/advisories/32249
- http://www.securityfocus.com/bid/31647
- http://www.us-cert.gov/cas/techalerts/TA08-288A.html
- http://marc.info/?l=bugtraq&m=122479227205998&w=2
- http://www.vupen.com/english/advisories/2008/2814
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45561
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45560
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5787
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-063