CVE-2008-5408

Severity Score

9.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2008-5407.

Desbordamiento de búfer en el protocolo de administración de datos en Symantec Backup Exec para Windows Servers 11.0 (alias 11d) builds 6235 y 7170, 12.0 build 1364, y 12.5 build 2213 permiten a los usuarios autenticados remotamente causar una denegación de servicios (caída de la aplicación) y posiblemente ejecutar arbitrariamente código a través de vectores desconocidos. NOTA: esto puede ser explotado por un atacante remoto no autentificado por la utilización de CVE-2008-5407.

*Credits: N/A

CVSS Scores

NISTv2 9.0

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-12-08 CVE Reserved
2008-12-09 CVE Published
2023-12-23 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (7)

URL	Tag	Source
http://www.securitytracker.com/id?1021246	Vdb Entry
http://www.vupen.com/english/advisories/2008/3209	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/46731	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://securityresponse.symantec.com/avcenter/security/Content/2008.11.19.html	2017-08-08
http://seer.entsupport.symantec.com/docs/314528.htm	2017-08-08
http://www.securityfocus.com/bid/32346	2017-08-08

URL	Date	SRC
http://secunia.com/advisories/32810	2017-08-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Symantec Search vendor "Symantec"		Backup Exec For Windows Server Search vendor "Symantec" for product "Backup Exec For Windows Server"				11d Search vendor "Symantec" for product "Backup Exec For Windows Server" and version "11d"		11.0.6235		Affected
Symantec Search vendor "Symantec"		Backup Exec For Windows Server Search vendor "Symantec" for product "Backup Exec For Windows Server"				11d Search vendor "Symantec" for product "Backup Exec For Windows Server" and version "11d"		11.0.7170		Affected
Symantec Search vendor "Symantec"		Backup Exec For Windows Server Search vendor "Symantec" for product "Backup Exec For Windows Server"				12.0 Search vendor "Symantec" for product "Backup Exec For Windows Server" and version "12.0"		12.0.1364		Affected
Symantec Search vendor "Symantec"		Backup Exec For Windows Server Search vendor "Symantec" for product "Backup Exec For Windows Server"				12.5 Search vendor "Symantec" for product "Backup Exec For Windows Server" and version "12.5"		12.5.2213		Affected