CVE-2010-0930
https://notcve.org/view.php?id=CVE-2010-0930
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (infinite loop) via crafted data that includes a byte sequence of 0xdc, 0xff, 0xff, and 0xff immediately before the client protocol version number. El servicio Perforce (p4s.exe) en Perforce Server 2008.1 permite a atacantes remotos producir una denegacion de servicio (bucle infinito) a traves de datos manipulados que incluyen una secuencia de bytes 0xdc, 0xff, 0xff, y 0xff inmediatamente antes del numero de version del protocolo del cliente. • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html http://www.securityfocus.com/bid/36261 • CWE-399: Resource Management Errors •
CVE-2010-0931
https://notcve.org/view.php?id=CVE-2010-0931
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data, possibly involving a large sndbuf value. El servicio Perforce (p4s.exe) en Perforce Server 2008.1 permite a atacantes remotos producir una denegacion de servicio (caida de demonio) a traves de datos manipulados que posiblemente incluyan a valor grande de sndbuf. • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html http://www.securityfocus.com/bid/36261 • CWE-20: Improper Input Validation •
CVE-2010-0933
https://notcve.org/view.php?id=CVE-2010-0933
Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command. Vulnerabilidad de salto de directorio en Perforce Server 2008.1 permite a usuarios remotos autenticados crear ficheros arbitrarios a traves de ..(punto punto) en el argumento del comando "añadir p4". • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html http://www.securityfocus.com/bid/36261 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2008-1338
https://notcve.org/view.php?id=CVE-2008-1338
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted. El servicio Perforce (p4s.exe) de Perforce Server 2007.3/143793 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (parada del servicio) mediante la utilización de un comando server-DiffFile con un valor entero dentro de cierto rango, causando un bucle de ejecución hasta que toda la memoria es ocupada. • http://aluigi.altervista.org/adv/perforces-adv.txt http://aluigi.org/poc/perforces.zip http://secunia.com/advisories/29231 http://securityreason.com/securityalert/3735 http://www.securityfocus.com/archive/1/489179/100/0/threaded http://www.securityfocus.com/bid/28108 https://exchange.xforce.ibmcloud.com/vulnerabilities/41017 https://exchange.xforce.ibmcloud.com/vulnerabilities/41361 • CWE-189: Numeric Errors •
CVE-2008-1302
https://notcve.org/view.php?id=CVE-2008-1302
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invalid memory access. El servicio Perforce (p4s.exe) en Perforce Server 2007.3/143793 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de los comandos (1) server-DiffFile o (2) server-ReleaseFile con un valor entero grande, el cual es utilizado en un cálculo de inicialización de array y lleva a un acceso a memoria no válido. • http://aluigi.altervista.org/adv/perforces-adv.txt http://aluigi.org/poc/perforces.zip http://secunia.com/advisories/29231 http://securityreason.com/securityalert/3735 http://www.securityfocus.com/archive/1/489179/100/0/threaded http://www.securityfocus.com/bid/28108 https://exchange.xforce.ibmcloud.com/vulnerabilities/41016 https://exchange.xforce.ibmcloud.com/vulnerabilities/41363 • CWE-189: Numeric Errors •