cnvd - cnvd-2018-09980

CNVD-2018-09980

Vulnerability from cnvd - Published: 2018-05-22

Title

Unisys Stealth SVG拒绝服务漏洞

Description

Unisys Stealth SVG是美国Unisys公司的一套安全虚拟网关解决方案。Stealth endpoint是其中的一个隐形端点程序。 Unisys Stealth SVG中的Stealth端点存在安全漏洞。远程攻击者可借助特制的数据包利用该漏洞造成拒绝服务（崩溃）。

Severity

中

Patch Name

Unisys Stealth SVG拒绝服务漏洞的补丁

Patch Description

Unisys Stealth SVG是美国Unisys公司的一套安全虚拟网关解决方案。Stealth endpoint是其中的一个隐形端点程序。 Unisys Stealth SVG中的Stealth端点存在安全漏洞。远程攻击者可借助特制的数据包利用该漏洞造成拒绝服务（崩溃）。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： http://www.unisys.com/

Reference

http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=4

Impacted products

Name
['Unisys Stealth SVG 2.8.', 'Unisys Stealth SVG 3.0.;<3.0.1999', 'Unisys Stealth SVG 3.1.', 'Unisys Stealth SVG 3.2.;<3.2.030', 'Unisys Stealth SVG 3.3.x*;<3.3.016']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8049",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8049"
    }
  },
  "description": "Unisys Stealth SVG\u662f\u7f8e\u56fdUnisys\u516c\u53f8\u7684\u4e00\u5957\u5b89\u5168\u865a\u62df\u7f51\u5173\u89e3\u51b3\u65b9\u6848\u3002Stealth endpoint\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u9690\u5f62\u7aef\u70b9\u7a0b\u5e8f\u3002\r\n\r\nUnisys Stealth SVG\u4e2d\u7684Stealth\u7aef\u70b9\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5d29\u6e83\uff09\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://www.unisys.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-09980",
  "openTime": "2018-05-22",
  "patchDescription": "Unisys Stealth SVG\u662f\u7f8e\u56fdUnisys\u516c\u53f8\u7684\u4e00\u5957\u5b89\u5168\u865a\u62df\u7f51\u5173\u89e3\u51b3\u65b9\u6848\u3002Stealth endpoint\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u9690\u5f62\u7aef\u70b9\u7a0b\u5e8f\u3002\r\n\r\nUnisys Stealth SVG\u4e2d\u7684Stealth\u7aef\u70b9\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Unisys Stealth SVG\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Unisys Stealth SVG 2.8.*",
      "Unisys Stealth SVG 3.0.*;\u003c3.0.1999",
      "Unisys Stealth SVG 3.1.*",
      "Unisys Stealth SVG 3.2.*;\u003c3.2.030",
      "Unisys Stealth SVG 3.3.x*;\u003c3.3.016"
    ]
  },
  "referenceLink": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=4",
  "serverity": "\u4e2d",
  "submitTime": "2018-04-24",
  "title": "Unisys Stealth SVG\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2018-8049 (GCVE-0-2018-8049)

Vulnerability from cvelistv5 – Published: 2018-04-03 22:00 – Updated: 2024-08-05 06:46

Summary

The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

http://public.support.unisys.com/common/public/vu…

x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:12.248Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=48"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-03-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-04T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=48"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-8049",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=48",
              "refsource": "CONFIRM",
              "url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=48"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-8049",
    "datePublished": "2018-04-03T22:00:00",
    "dateReserved": "2018-03-11T00:00:00",
    "dateUpdated": "2024-08-05T06:46:12.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-09980

CVE-2018-8049 (GCVE-0-2018-8049)

Tags

Sightings

Nomenclature