5 - CVE-2008-2382

Executive Summary

Informations
Name	CVE-2008-2382	First vendor Publication	2008-12-24
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2382

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-399	Resource Management Errors

CPE : Common Platform Enumeration

Type	Description	Count
Application	Kvm Qumranet Kvm cpe:2.3:a:kvm_qumranet:kvm:79:::::::* cpe:2.3:a:kvm_qumranet:kvm:78:::::::* cpe:2.3:a:kvm_qumranet:kvm:77:::::::* cpe:2.3:a:kvm_qumranet:kvm:76:::::::* cpe:2.3:a:kvm_qumranet:kvm:75:::::::* cpe:2.3:a:kvm_qumranet:kvm:74:::::::* cpe:2.3:a:kvm_qumranet:kvm:73:::::::* cpe:2.3:a:kvm_qumranet:kvm:72:::::::* cpe:2.3:a:kvm_qumranet:kvm:71:::::::* cpe:2.3:a:kvm_qumranet:kvm:70:::::::* cpe:2.3:a:kvm_qumranet:kvm:69:::::::* cpe:2.3:a:kvm_qumranet:kvm:68:::::::* cpe:2.3:a:kvm_qumranet:kvm:67:::::::* cpe:2.3:a:kvm_qumranet:kvm:66:::::::* cpe:2.3:a:kvm_qumranet:kvm:65:::::::* cpe:2.3:a:kvm_qumranet:kvm:64:::::::* cpe:2.3:a:kvm_qumranet:kvm:63:::::::* cpe:2.3:a:kvm_qumranet:kvm:62:::::::* cpe:2.3:a:kvm_qumranet:kvm:61:::::::* cpe:2.3:a:kvm_qumranet:kvm:60:::::::* cpe:2.3:a:kvm_qumranet:kvm:59:::::::* cpe:2.3:a:kvm_qumranet:kvm:58:::::::* cpe:2.3:a:kvm_qumranet:kvm:57:::::::* cpe:2.3:a:kvm_qumranet:kvm:56:::::::* cpe:2.3:a:kvm_qumranet:kvm:55:::::::* cpe:2.3:a:kvm_qumranet:kvm:54:::::::* cpe:2.3:a:kvm_qumranet:kvm:53:::::::* cpe:2.3:a:kvm_qumranet:kvm:52:::::::* cpe:2.3:a:kvm_qumranet:kvm:51:::::::* cpe:2.3:a:kvm_qumranet:kvm:50:::::::* cpe:2.3:a:kvm_qumranet:kvm:49:::::::* cpe:2.3:a:kvm_qumranet:kvm:48:::::::* cpe:2.3:a:kvm_qumranet:kvm:47:::::::* cpe:2.3:a:kvm_qumranet:kvm:46:::::::* cpe:2.3:a:kvm_qumranet:kvm:45:::::::* cpe:2.3:a:kvm_qumranet:kvm:44:::::::* cpe:2.3:a:kvm_qumranet:kvm:43:::::::* cpe:2.3:a:kvm_qumranet:kvm:42:::::::* cpe:2.3:a:kvm_qumranet:kvm:41:::::::* cpe:2.3:a:kvm_qumranet:kvm:40:::::::* cpe:2.3:a:kvm_qumranet:kvm:39:::::::* cpe:2.3:a:kvm_qumranet:kvm:38:::::::* cpe:2.3:a:kvm_qumranet:kvm:37:::::::* cpe:2.3:a:kvm_qumranet:kvm:36:::::::* cpe:2.3:a:kvm_qumranet:kvm:35:::::::* cpe:2.3:a:kvm_qumranet:kvm:34:::::::* cpe:2.3:a:kvm_qumranet:kvm:33:::::::* cpe:2.3:a:kvm_qumranet:kvm:32:::::::* cpe:2.3:a:kvm_qumranet:kvm:31:::::::* cpe:2.3:a:kvm_qumranet:kvm:30:::::::* cpe:2.3:a:kvm_qumranet:kvm:29:::::::* cpe:2.3:a:kvm_qumranet:kvm:28:::::::* cpe:2.3:a:kvm_qumranet:kvm:27:::::::* cpe:2.3:a:kvm_qumranet:kvm:26:::::::* cpe:2.3:a:kvm_qumranet:kvm:25:::::::* cpe:2.3:a:kvm_qumranet:kvm:24:::::::* cpe:2.3:a:kvm_qumranet:kvm:23:::::::* cpe:2.3:a:kvm_qumranet:kvm:22:::::::* cpe:2.3:a:kvm_qumranet:kvm:21:::::::* cpe:2.3:a:kvm_qumranet:kvm:20:::::::* cpe:2.3:a:kvm_qumranet:kvm:19:::::::* cpe:2.3:a:kvm_qumranet:kvm:18:::::::* cpe:2.3:a:kvm_qumranet:kvm:17:::::::* cpe:2.3:a:kvm_qumranet:kvm:16:::::::* cpe:2.3:a:kvm_qumranet:kvm:15:::::::* cpe:2.3:a:kvm_qumranet:kvm:14:::::::* cpe:2.3:a:kvm_qumranet:kvm:13:::::::* cpe:2.3:a:kvm_qumranet:kvm:12:::::::* cpe:2.3:a:kvm_qumranet:kvm:11:::::::* cpe:2.3:a:kvm_qumranet:kvm:10:::::::* cpe:2.3:a:kvm_qumranet:kvm:9:::::::* cpe:2.3:a:kvm_qumranet:kvm:8:::::::* cpe:2.3:a:kvm_qumranet:kvm:7:::::::* cpe:2.3:a:kvm_qumranet:kvm:6:::::::* cpe:2.3:a:kvm_qumranet:kvm:5:::::::* cpe:2.3:a:kvm_qumranet:kvm:4:::::::* cpe:2.3:a:kvm_qumranet:kvm:3:::::::* cpe:2.3:a:kvm_qumranet:kvm:2:::::::* cpe:2.3:a:kvm_qumranet:kvm:1:::::::*	79
Application	Qemu cpe:2.3:a:qemu:qemu:0.9.1:::::::* cpe:2.3:a:qemu:qemu:0.9.0:::::::* cpe:2.3:a:qemu:qemu:0.8.2:::::::* cpe:2.3:a:qemu:qemu:0.8.1:::::::* cpe:2.3:a:qemu:qemu:0.8.0:::::::* cpe:2.3:a:qemu:qemu:0.7.2:::::::* cpe:2.3:a:qemu:qemu:0.7.1:::::::* cpe:2.3:a:qemu:qemu:0.7.0:::::::* cpe:2.3:a:qemu:qemu:0.6.1:::::::* cpe:2.3:a:qemu:qemu:0.6.0:::::::* cpe:2.3:a:qemu:qemu:0.5.5:::::::* cpe:2.3:a:qemu:qemu:0.5.4:::::::* cpe:2.3:a:qemu:qemu:0.5.3:::::::* cpe:2.3:a:qemu:qemu:0.5.2:::::::* cpe:2.3:a:qemu:qemu:0.5.1:::::::* cpe:2.3:a:qemu:qemu:0.5.0:::::::* cpe:2.3:a:qemu:qemu:0.4.3:::::::* cpe:2.3:a:qemu:qemu:0.4.2:::::::* cpe:2.3:a:qemu:qemu:0.4.1:::::::* cpe:2.3:a:qemu:qemu:0.4.0:::::::* cpe:2.3:a:qemu:qemu:0.3.0:::::::* cpe:2.3:a:qemu:qemu:0.2.0:::::::* cpe:2.3:a:qemu:qemu:0.1.6:::::::* cpe:2.3:a:qemu:qemu:0.1.5:::::::* cpe:2.3:a:qemu:qemu:0.1.4:::::::* cpe:2.3:a:qemu:qemu:0.1.3:::::::* cpe:2.3:a:qemu:qemu:0.1.2:::::::* cpe:2.3:a:qemu:qemu:0.1.1:::::::* cpe:2.3:a:qemu:qemu:0.1.0:::::::* cpe:2.3:a:qemu:qemu:::::::: cpe:2.3:a:qemu:qemu::r1::::::* cpe:2.3:a:qemu:qemu:-:::::::*	32

OpenVAS Exploits

Date	Description
2009-06-05	Name : Ubuntu USN-698-3 (nagios2) File : nvt/ubuntu_698_3.nasl
2009-06-05	Name : Ubuntu USN-707-1 (cupsys) File : nvt/ubuntu_707_1.nasl
2009-06-05	Name : Ubuntu USN-776-2 (kvm) File : nvt/ubuntu_776_2.nasl
2009-05-20	Name : Ubuntu USN-776-1 (kvm) File : nvt/ubuntu_776_1.nasl
2009-04-06	Name : SuSE Security Summary SUSE-SR:2009:008 File : nvt/suse_sr_2009_008.nasl
2009-02-13	Name : Fedora Update for kvm FEDORA-2008-11705 File : nvt/gb_fedora_2008_11705_kvm_fc9.nasl
2009-02-13	Name : Fedora Update for kvm FEDORA-2008-11727 File : nvt/gb_fedora_2008_11727_kvm_fc10.nasl
2009-01-20	Name : Mandrake Security Advisory MDVSA-2009:008 (qemu) File : nvt/mdksa_2009_008.nasl
2009-01-20	Name : Mandrake Security Advisory MDVSA-2009:009 (kvm) File : nvt/mdksa_2009_009.nasl
2009-01-20	Name : Mandrake Security Advisory MDVSA-2009:010 (qemu) File : nvt/mdksa_2009_010.nasl
2009-01-20	Name : SuSE Security Summary SUSE-SR:2009:002 File : nvt/suse_sr_2009_002.nasl
2009-01-20	Name : Ubuntu USN-708-1 (hplip) File : nvt/ubuntu_708_1.nasl
2009-01-07	Name : Ubuntu USN-702-1 (samba) File : nvt/ubuntu_702_1.nasl
2009-01-07	Name : Ubuntu USN-703-1 (xterm) File : nvt/ubuntu_703_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
52913	KVM kvm-79 VNC Server vnc.c protocol_client_msg Function Crafted Message Remo...
52912	QEMU VNC Server vnc.c protocol_client_msg Function Crafted Message Remote DoS

Nessus® Vulnerability Scanner

Date	Description
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_kvm-090112.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_qemu-090325.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_kvm-090112.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_qemu-090325.nasl - Type : ACT_GATHER_INFO
2009-05-14	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-776-2.nasl - Type : ACT_GATHER_INFO
2009-05-13	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-776-1.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2008-11727.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-008.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2009-009.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-010.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-703-1.nasl - Type : ACT_GATHER_INFO
2009-04-03	Name : The remote openSUSE host is missing a security update. File : suse_qemu-6123.nasl - Type : ACT_GATHER_INFO
2008-12-26	Name : The remote Fedora host is missing a security update. File : fedora_2008-11705.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://secunia.com/advisories/33293
http://secunia.com/advisories/33303
http://secunia.com/advisories/33350
http://secunia.com/advisories/33568
http://secunia.com/advisories/34642
http://secunia.com/advisories/35062
http://securityreason.com/securityalert/4803
http://securitytracker.com/id?1021488
http://securitytracker.com/id?1021489
http://www.coresecurity.com/content/vnc-remote-dos
http://www.securityfocus.com/archive/1/499502/100/0/threaded
http://www.securityfocus.com/bid/32910
http://www.ubuntu.com/usn/usn-776-1
http://www.vupen.com/english/advisories/2008/3488
http://www.vupen.com/english/advisories/2008/3489
https://exchange.xforce.ibmcloud.com/vulnerabilities/47561
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg0122...

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 23:12:37	Multiple Updates
2024-11-28 12:15:39	Multiple Updates
2021-05-05 01:04:45	Multiple Updates
2021-05-04 12:07:32	Multiple Updates
2021-04-22 01:07:56	Multiple Updates
2020-11-03 09:22:45	Multiple Updates
2020-11-02 17:22:45	Multiple Updates
2020-05-23 01:39:30	Multiple Updates
2020-05-23 00:21:44	Multiple Updates
2018-10-12 00:20:21	Multiple Updates
2018-09-07 12:04:28	Multiple Updates
2017-08-08 09:24:07	Multiple Updates
2016-04-26 17:25:47	Multiple Updates
2014-02-17 10:45:08	Multiple Updates
2013-05-11 00:17:49	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	111
Sources(s)	19
osvdb(s)	2
Openvas Exploit(s)	14
Nessus® Exploit(s)	13

	Related
9.3	USN-703-1
7.8	USN-776-2
7.8	USN-776-1
7.8	MDVSA-2009:009
7.8	MDVSA-2009:008
5	MDVSA-2009:010
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 6 more Alert(s)

5 - CVE-2008-2382

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU