Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2008-1054 | First vendor Publication | 2008-02-27 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.4 | Attack Range | Network |
| Cvss Impact Score | 4.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1054 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 42980 | SurgeMail _lib_spawn_user_getpid Function HTTP Header Processing Overflow |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:14:57 |
|
| 2024-11-28 12:15:02 |
|
| 2021-05-04 12:07:11 |
|
| 2021-04-22 01:07:36 |
|
| 2020-05-23 00:21:20 |
|
| 2018-10-12 00:20:15 |
|
| 2017-08-08 09:23:53 |
|
| 2016-04-26 17:10:25 |
|
| 2013-05-11 00:10:28 |
|
