cve-2008-4114
Vulnerability from cvelistv5
Published
2008-09-16 23:00
Modified
2024-08-07 10:00
Severity ?
Summary
srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
References
cve@mitre.orghttp://secunia.com/advisories/31883Vendor Advisory
cve@mitre.orghttp://www.reversemode.com/index.php?option=com_content&task=view&id=54&Itemid=1Exploit
cve@mitre.orghttp://www.securityfocus.com/archive/1/496354/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/31179Exploit
cve@mitre.orghttp://www.securitytracker.com/id?1020887
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA09-013A.htmlUS Government Resource
cve@mitre.orghttp://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htmExploit
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/2583Vendor Advisory
cve@mitre.orghttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/45146
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5262
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6044
cve@mitre.orghttps://www.exploit-db.com/exploits/6463
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31883Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.reversemode.com/index.php?option=com_content&task=view&id=54&Itemid=1Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/496354/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31179Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020887
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-013A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htmExploit
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2583Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/45146
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5262
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6044
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/6463
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:00:42.508Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:6044",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6044"
          },
          {
            "name": "6463",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/6463"
          },
          {
            "name": "31179",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31179"
          },
          {
            "name": "MS09-001",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001"
          },
          {
            "name": "31883",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31883"
          },
          {
            "name": "ADV-2008-2583",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2583"
          },
          {
            "name": "TA09-013A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-013A.html"
          },
          {
            "name": "win-writeandx-dos(45146)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45146"
          },
          {
            "name": "1020887",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020887"
          },
          {
            "name": "oval:org.mitre.oval:def:5262",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5262"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=54\u0026Itemid=1"
          },
          {
            "name": "20080914 Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/496354/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to \"insufficiently validating the buffer size,\" as demonstrated by a request to the \\PIPE\\lsarpc named pipe, aka \"SMB Validation Denial of Service Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:6044",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6044"
        },
        {
          "name": "6463",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/6463"
        },
        {
          "name": "31179",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31179"
        },
        {
          "name": "MS09-001",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001"
        },
        {
          "name": "31883",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31883"
        },
        {
          "name": "ADV-2008-2583",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2583"
        },
        {
          "name": "TA09-013A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-013A.html"
        },
        {
          "name": "win-writeandx-dos(45146)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45146"
        },
        {
          "name": "1020887",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020887"
        },
        {
          "name": "oval:org.mitre.oval:def:5262",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5262"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=54\u0026Itemid=1"
        },
        {
          "name": "20080914 Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/496354/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4114",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to \"insufficiently validating the buffer size,\" as demonstrated by a request to the \\PIPE\\lsarpc named pipe, aka \"SMB Validation Denial of Service Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:6044",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6044"
            },
            {
              "name": "6463",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/6463"
            },
            {
              "name": "31179",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31179"
            },
            {
              "name": "MS09-001",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001"
            },
            {
              "name": "31883",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31883"
            },
            {
              "name": "ADV-2008-2583",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2583"
            },
            {
              "name": "TA09-013A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-013A.html"
            },
            {
              "name": "win-writeandx-dos(45146)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45146"
            },
            {
              "name": "1020887",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020887"
            },
            {
              "name": "oval:org.mitre.oval:def:5262",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5262"
            },
            {
              "name": "http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm",
              "refsource": "MISC",
              "url": "http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm"
            },
            {
              "name": "http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=54\u0026Itemid=1",
              "refsource": "MISC",
              "url": "http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=54\u0026Itemid=1"
            },
            {
              "name": "20080914 Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/496354/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-4114",
    "datePublished": "2008-09-16T23:00:00",
    "dateReserved": "2008-09-16T00:00:00",
    "dateUpdated": "2024-08-07T10:00:42.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31A64C69-D182-4BEC-BA8A-7B405F5B2FC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA778424-6F70-4AB6-ADD5-5D4664DFE463\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"BCE2197B-7C58-4693-B9BB-0B31EABB6B66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"7F6EA111-A4E6-4963-A0C8-F9336C605B6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*\", \"matchCriteriaId\": \"9CFB1A97-8042-4497-A45D-C014B5E240AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"7F9C7616-658D-409D-8B53-AC00DC55602A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*\", \"matchCriteriaId\": \"F9DC56EB-EDC4-4DFE-BA9B-B17FF4A91734\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:gold:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D12423F-FCCD-4F4C-9037-7607C1F1F99E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:sp1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49F99773-D1AF-4596-856A-CA164D4B68E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*\", \"matchCriteriaId\": \"29EDE745-5A26-42BF-AFDE-7D985BB09D44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B339C33-8896-4896-88FF-88E74FDBC543\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*\", \"matchCriteriaId\": \"2D48D876-6A88-4B52-9322-9F019BFA19B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE477A73-4EE4-41E9-8694-5A3D5DC88656\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to \\\"insufficiently validating the buffer size,\\\" as demonstrated by a request to the \\\\PIPE\\\\lsarpc named pipe, aka \\\"SMB Validation Denial of Service Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"SRV.sys en el servicio de servidor en Microsoft Windows versiones 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, vista Gold y SP1, y Server 2008 permite a los atacantes remotos causar una denegaci\\u00f3n de servicio (bloqueo de sistema) o posiblemente tener otro impacto no especificado por medio de un paquete SMB WRITE_ANDX con un desplazamiento que es incompatible con el tama\\u00f1o del paquete, relacionado con \\\"insufficiently validating the buffer size\\\", como fue demostrado por una petici\\u00f3n a la tuber\\u00eda llamada \\\\PIPE\\\\lsarpc , tambi\\u00e9n conocida como \\\"SMB Validation Denial of Service Vulnerability\\\"\"}]",
      "id": "CVE-2008-4114",
      "lastModified": "2024-11-21T00:50:56.067",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-09-16T23:00:01.430",
      "references": "[{\"url\": \"http://secunia.com/advisories/31883\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=54\u0026Itemid=1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/496354/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/31179\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1020887\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-013A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2583\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/45146\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5262\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6044\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/6463\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/31883\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=54\u0026Itemid=1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/496354/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/31179\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1020887\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-013A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2583\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/45146\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5262\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6044\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/6463\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-4114\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-09-16T23:00:01.430\",\"lastModified\":\"2024-11-21T00:50:56.067\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to \\\"insufficiently validating the buffer size,\\\" as demonstrated by a request to the \\\\PIPE\\\\lsarpc named pipe, aka \\\"SMB Validation Denial of Service Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"SRV.sys en el servicio de servidor en Microsoft Windows versiones 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, vista Gold y SP1, y Server 2008 permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de sistema) o posiblemente tener otro impacto no especificado por medio de un paquete SMB WRITE_ANDX con un desplazamiento que es incompatible con el tama\u00f1o del paquete, relacionado con \\\"insufficiently validating the buffer size\\\", como fue demostrado por una petici\u00f3n a la tuber\u00eda llamada \\\\PIPE\\\\lsarpc , tambi\u00e9n conocida como \\\"SMB Validation Denial of Service Vulnerability\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31A64C69-D182-4BEC-BA8A-7B405F5B2FC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA778424-6F70-4AB6-ADD5-5D4664DFE463\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"BCE2197B-7C58-4693-B9BB-0B31EABB6B66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"7F6EA111-A4E6-4963-A0C8-F9336C605B6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*\",\"matchCriteriaId\":\"9CFB1A97-8042-4497-A45D-C014B5E240AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"7F9C7616-658D-409D-8B53-AC00DC55602A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*\",\"matchCriteriaId\":\"F9DC56EB-EDC4-4DFE-BA9B-B17FF4A91734\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:gold:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D12423F-FCCD-4F4C-9037-7607C1F1F99E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:sp1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49F99773-D1AF-4596-856A-CA164D4B68E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*\",\"matchCriteriaId\":\"29EDE745-5A26-42BF-AFDE-7D985BB09D44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*\",\"matchCriteriaId\":\"2D48D876-6A88-4B52-9322-9F019BFA19B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE477A73-4EE4-41E9-8694-5A3D5DC88656\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/31883\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=54\u0026Itemid=1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/496354/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/31179\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1020887\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-013A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2583\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45146\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5262\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6044\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/6463\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31883\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=54\u0026Itemid=1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/496354/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/31179\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1020887\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-013A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2583\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45146\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5262\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6044\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/6463\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.