Vulnerabilites related to bluecoat - winproxy
cve-2008-5121
Vulnerability from cvelistv5
Published
2008-11-18 00:00
Modified
2024-08-07 10:40
Severity ?
EPSS score ?
Summary
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:17.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#858993",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/858993"
},
{
"name": "ADV-2008-1867",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1867"
},
{
"name": "5837",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5837"
},
{
"name": "ADV-2008-1868",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1868"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digit-labs.org/files/exploits/dne2000-call.c"
},
{
"name": "30728",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30728"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX117751"
},
{
"name": "29772",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29772"
},
{
"name": "4600",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4600"
},
{
"name": "ADV-2008-1865",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1865"
},
{
"name": "30753",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30753"
},
{
"name": "multiple-vendors-dne2000-priv-escalation(43153)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43153"
},
{
"name": "ADV-2008-1866",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1866"
},
{
"name": "30744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30744"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsm25860"
},
{
"name": "30747",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30747"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\\\.\\DNE device interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#858993",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/858993"
},
{
"name": "ADV-2008-1867",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1867"
},
{
"name": "5837",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5837"
},
{
"name": "ADV-2008-1868",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1868"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digit-labs.org/files/exploits/dne2000-call.c"
},
{
"name": "30728",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30728"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX117751"
},
{
"name": "29772",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29772"
},
{
"name": "4600",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4600"
},
{
"name": "ADV-2008-1865",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1865"
},
{
"name": "30753",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30753"
},
{
"name": "multiple-vendors-dne2000-priv-escalation(43153)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43153"
},
{
"name": "ADV-2008-1866",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1866"
},
{
"name": "30744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30744"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsm25860"
},
{
"name": "30747",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30747"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\\\.\\DNE device interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#858993",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/858993"
},
{
"name": "ADV-2008-1867",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1867"
},
{
"name": "5837",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5837"
},
{
"name": "ADV-2008-1868",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1868"
},
{
"name": "http://www.digit-labs.org/files/exploits/dne2000-call.c",
"refsource": "MISC",
"url": "http://www.digit-labs.org/files/exploits/dne2000-call.c"
},
{
"name": "30728",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30728"
},
{
"name": "http://support.citrix.com/article/CTX117751",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX117751"
},
{
"name": "29772",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29772"
},
{
"name": "4600",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4600"
},
{
"name": "ADV-2008-1865",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1865"
},
{
"name": "30753",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30753"
},
{
"name": "multiple-vendors-dne2000-priv-escalation(43153)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43153"
},
{
"name": "ADV-2008-1866",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1866"
},
{
"name": "30744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30744"
},
{
"name": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsm25860",
"refsource": "MISC",
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsm25860"
},
{
"name": "30747",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30747"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5121",
"datePublished": "2008-11-18T00:00:00",
"dateReserved": "2008-11-17T00:00:00",
"dateUpdated": "2024-08-07T10:40:17.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3187
Vulnerability from cvelistv5
Published
2006-01-05 23:00
Modified
2024-08-07 23:01
Severity ?
EPSS score ?
Summary
The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) via a long HTTP request that causes an out-of-bounds read.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363 | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.vupen.com/english/advisories/2006/0065 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/18288 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/16148 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:58.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060105 Blue Coat WinProxy Remote DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363"
},
{
"name": "ADV-2006-0065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0065"
},
{
"name": "18288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18288"
},
{
"name": "16148",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16148"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) via a long HTTP request that causes an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060105 Blue Coat WinProxy Remote DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363"
},
{
"name": "ADV-2006-0065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0065"
},
{
"name": "18288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18288"
},
{
"name": "16148",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16148"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) via a long HTTP request that causes an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060105 Blue Coat WinProxy Remote DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363"
},
{
"name": "ADV-2006-0065",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0065"
},
{
"name": "18288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18288"
},
{
"name": "16148",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16148"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3187",
"datePublished": "2006-01-05T23:00:00",
"dateReserved": "2005-10-12T00:00:00",
"dateUpdated": "2024-08-07T23:01:58.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0796
Vulnerability from cvelistv5
Published
2007-02-06 19:00
Modified
2024-08-07 12:34
Severity ?
EPSS score ?
Summary
Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/33097 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32204 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/22393 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1017586 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2007/0482 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/24049 | third-party-advisory, x_refsource_SECUNIA | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=471 | third-party-advisory, x_refsource_IDEFENSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33097",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33097"
},
{
"name": "winproxy-connect-bo(32204)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32204"
},
{
"name": "22393",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22393"
},
{
"name": "1017586",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017586"
},
{
"name": "ADV-2007-0482",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0482"
},
{
"name": "24049",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24049"
},
{
"name": "20070202 Blue Coat Systems WinProxy CONNECT Method Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=471"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33097",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33097"
},
{
"name": "winproxy-connect-bo(32204)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32204"
},
{
"name": "22393",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22393"
},
{
"name": "1017586",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017586"
},
{
"name": "ADV-2007-0482",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0482"
},
{
"name": "24049",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24049"
},
{
"name": "20070202 Blue Coat Systems WinProxy CONNECT Method Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=471"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33097",
"refsource": "OSVDB",
"url": "http://osvdb.org/33097"
},
{
"name": "winproxy-connect-bo(32204)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32204"
},
{
"name": "22393",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22393"
},
{
"name": "1017586",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017586"
},
{
"name": "ADV-2007-0482",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0482"
},
{
"name": "24049",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24049"
},
{
"name": "20070202 Blue Coat Systems WinProxy CONNECT Method Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=471"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0796",
"datePublished": "2007-02-06T19:00:00",
"dateReserved": "2007-02-06T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2008-11-18 00:30
Modified
2024-11-21 00:53
Severity ?
Summary
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | deterministic_network_enhancer | 2.21.7.223 | |
| citrix | deterministic_network_enhancer | 3.21.7.17464 | |
| bluecoat | winproxy | * | |
| cisco | vpn_client | * | |
| safenet | highassurance_remote | * | |
| safenet | softremote_vpn_client | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:deterministic_network_enhancer:2.21.7.223:*:*:*:*:*:*:*",
"matchCriteriaId": "10F0D8E9-67F6-4484-9BD1-A16228A41D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:deterministic_network_enhancer:3.21.7.17464:*:*:*:*:*:*:*",
"matchCriteriaId": "153E29F0-3E68-4CF3-B5B3-8A63E101A650",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bluecoat:winproxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC5D863E-670D-4849-960B-FEEA70C95E74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "099829D2-EC37-4BEF-91B7-375478189C1B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:safenet:highassurance_remote:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7212B1EF-2AD3-42DD-A6D7-DB18F3ED2923",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:safenet:softremote_vpn_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C384818-1B30-4EBA-99DE-E64008F72985",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\\\.\\DNE device interface."
},
{
"lang": "es",
"value": "dne2000.sys en Citrix Deterministic Network Enhancer (DNE) desde la version 2.21.7.233 a la 3.21.7.17464, tal y como se usa en (1) Cisco VPN Client, (2) Blue Coat WinProxy, y (3) SafeNet SoftRemote y HighAssurance Remote, permite a usuarios locales obtener privilegios a trav\u00e9s de una petici\u00f3n DNE_IOCTL DeviceIoControl modificada a la interfaz de dispositivo \\\\.\\DNE .\r\n\r\n"
}
],
"id": "CVE-2008-5121",
"lastModified": "2024-11-21T00:53:20.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-11-18T00:30:00.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30728"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30744"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30747"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30753"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4600"
},
{
"source": "cve@mitre.org",
"url": "http://support.citrix.com/article/CTX117751"
},
{
"source": "cve@mitre.org",
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsm25860"
},
{
"source": "cve@mitre.org",
"url": "http://www.digit-labs.org/files/exploits/dne2000-call.c"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/858993"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29772"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1865"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1866"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1867"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1868"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43153"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.citrix.com/article/CTX117751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsm25860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.digit-labs.org/files/exploits/dne2000-call.c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/858993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5837"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:01
Severity ?
Summary
The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) via a long HTTP request that causes an out-of-bounds read.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bluecoat:winproxy:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E136E6F-0787-4E6C-BF59-36DC5F533E08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) via a long HTTP request that causes an out-of-bounds read."
}
],
"id": "CVE-2005-3187",
"lastModified": "2024-11-21T00:01:18.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18288"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16148"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0065"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-06 19:28
Modified
2024-11-21 00:26
Severity ?
Summary
Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bluecoat:winproxy:6.0:r1c:*:*:*:*:*:*",
"matchCriteriaId": "4A20EC06-2199-496E-A71F-FDD0F745305B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluecoat:winproxy:6.1:r1a:*:*:*:*:*:*",
"matchCriteriaId": "606B7F19-B506-4FE9-9545-0A8C901B3CEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption."
},
{
"lang": "es",
"value": "Blue Coat Systems WinProxy 6.1a y 6.0 r1c, y posiblemente anteriores, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante una petici\u00f3n HTTP CONNECT larga, lo cual provoca la corrupci\u00f3n de la pila."
}
],
"id": "CVE-2007-0796",
"lastModified": "2024-11-21T00:26:45.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-06T19:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=471"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33097"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24049"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017586"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22393"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0482"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32204"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}