Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762) |
Information | |||
---|---|---|---|
Name | MS08-036 | First vendor Publication | 2008-06-10 |
Vendor | Microsoft | Last vendor Modification | 2010-02-17 |
Severity (Vendor) | Important | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Revision Note: V1.1 (February 17, 2010): Added a link to Microsoft Knowledge Base Article 950762 under Known Issues in the Executive Summary. Summary: This security update resolves two privately reported vulnerabilities in the Pragmatic General Multicast (PGM) protocol that could allow a denial of service if malformed PGM packets are received by an affected system. An attacker who successfully exploited this vulnerability could cause a user's system to become non-responsive and to require a restart to restore functionality. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS08-036.mspx |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
CAPEC-7 | Blind SQL Injection |
CAPEC-8 | Buffer Overflow in an API Call |
CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
CAPEC-10 | Buffer Overflow via Environment Variables |
CAPEC-13 | Subverting Environment Variable Values |
CAPEC-14 | Client-side Injection-induced Buffer Overflow |
CAPEC-18 | Embedding Scripts in Nonscript Elements |
CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
CAPEC-24 | Filter Failure through Buffer Overflow |
CAPEC-28 | Fuzzing |
CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
CAPEC-32 | Embedding Scripts in HTTP Query Strings |
CAPEC-42 | MIME Conversion |
CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-46 | Overflow Variables and Tags |
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-52 | Embedding NULL Bytes |
CAPEC-53 | Postfix, Null Terminate, and Backslash |
CAPEC-63 | Simple Script Injection |
CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
CAPEC-66 | SQL Injection |
CAPEC-67 | String Format Overflow in syslog() |
CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
CAPEC-72 | URL Encoding |
CAPEC-73 | User-Controlled Filename |
CAPEC-78 | Using Escaped Slashes in Alternate Encoding |
CAPEC-79 | Using Slashes in Alternate Encoding |
CAPEC-80 | Using UTF-8 Encoding to Bypass Validation Logic |
CAPEC-81 | Web Logs Tampering |
CAPEC-83 | XPath Injection |
CAPEC-85 | Client Network Footprinting (using AJAX/XSS) |
CAPEC-86 | Embedding Script (XSS) in HTTP Headers |
CAPEC-88 | OS Command Injection |
CAPEC-91 | XSS in IMG Tags |
CAPEC-99 | XML Parser Attack |
CAPEC-101 | Server Side Include (SSI) Injection |
CAPEC-104 | Cross Zone Scripting |
CAPEC-106 | Cross Site Scripting through Log Files |
CAPEC-108 | Command Line Execution through SQL Injection |
CAPEC-109 | Object Relational Mapping Injection |
CAPEC-110 | SQL Injection through SOAP Parameter Tampering |
CAPEC-171 | Variable Manipulation |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5473 | |||
Oval ID: | oval:org.mitre.oval:def:5473 | ||
Title: | PGM Invalid Length Vulnerability | ||
Description: | Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1440 | Version: | 3 |
Platform(s): | Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:5604 | |||
Oval ID: | oval:org.mitre.oval:def:5604 | ||
Title: | PGM Malformed Fragment Vulnerability | ||
Description: | Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1441 | Version: | 3 |
Platform(s): | Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2011-01-10 | Name : Microsoft Pragmatic General Multicast (PGM) Denial of Service Vulnerability ... File : nvt/gb_ms08-036.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
46068 | Microsoft Windows Pragmatic General Multicast (PGM) Fragment Handling Remote DoS |
46067 | Microsoft Windows Pragmatic General Multicast (PGM) Packet Handling Remote DoS |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2008-06-12 | IAVM : 2008-T-0025 - Microsoft Pragmatic General Multicast (PGM) Denial of Service Vulnerabilities Severity : Category I - VMSKEY : V0016038 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows Pragmatic General Multicast Protocol memory consumption den... RuleID : 17667 - Revision : 6 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows PGM denial of service attempt RuleID : 13827 - Revision : 13 - Type : OS-WINDOWS |
2014-01-10 | Microsoft PGM fragment denial of service attempt RuleID : 13825 - Revision : 9 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-06-10 | Name : An unauthenticated attacker can crash the remote host. File : smb_nt_ms08-036.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:45:59 | |
2014-01-19 21:30:12 | |
2013-11-11 12:41:08 | |
2013-05-11 00:49:20 | |