CVE-2012-0698

tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692649
http://packetstormsecurity.com/files/118281/TrouSerS-Denial-Of-Service.html
http://secunia.com/advisories/51295
http://sourceforge.net/tracker/index.php?func=detail&aid=3473554&group_id=126012&atid=704358
http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers%3Ba=commit%3Bh=50dd06a6f639b76b3bb629606ef71b2dc5407601
http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers%3Ba=commit%3Bh=ae0c2f8c1fd7a96ba0191f83b6057f8cbc51e786
http://www.debian.org/security/2012/dsa-2576
http://www.exploit-db.com/exploits/22904/	Exploit
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0698_denial_of
https://bugzilla.redhat.com/show_bug.cgi?id=781648
https://exchange.xforce.ibmcloud.com/vulnerabilities/80226

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:trustedcomputinggroup:trousers::::::::
	cpe:2.3:a:trustedcomputinggroup:trousers:0.2.8:::::::*
	cpe:2.3:a:trustedcomputinggroup:trousers:0.2.9:::::::*
	cpe:2.3:a:trustedcomputinggroup:trousers:0.2.9.1:::::::*
	cpe:2.3:a:trustedcomputinggroup:trousers:0.2.9.2:::::::*
	cpe:2.3:a:trustedcomputinggroup:trousers:0.3.0:::::::*
	cpe:2.3:a:trustedcomputinggroup:trousers:0.3.1:::::::*
	cpe:2.3:a:trustedcomputinggroup:trousers:0.3.2:::::::*
	cpe:2.3:a:trustedcomputinggroup:trousers:0.3.3:::::::*
	cpe:2.3:a:trustedcomputinggroup:trousers:0.3.4:::::::*
	cpe:2.3:a:trustedcomputinggroup:trousers:0.3.5:::::::*
	cpe:2.3:a:trustedcomputinggroup:trousers:0.3.6:::::::*
	cpe:2.3:a:trustedcomputinggroup:trousers:0.3.7:::::::*
	cpe:2.3:a:trustedcomputinggroup:trousers:0.3.8:::::::*

History

No history.

Information

Published : 2012-11-26 12:45

Updated : 2023-11-07 02:10

NVD link : CVE-2012-0698

Mitre link : CVE-2012-0698

CVE.ORG link : CVE-2012-0698

JSON object : View

Products Affected

trustedcomputinggroup

trousers

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2012-0698", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-11-26T12:45:22.033", "references": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692649", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/118281/TrouSerS-Denial-Of-Service.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/51295", "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/tracker/index.php?func=detail&aid=3473554&group_id=126012&atid=704358", "source": "cve@mitre.org"}, {"url": "http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers%3Ba=commit%3Bh=50dd06a6f639b76b3bb629606ef71b2dc5407601", "source": "cve@mitre.org"}, {"url": "http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers%3Ba=commit%3Bh=ae0c2f8c1fd7a96ba0191f83b6057f8cbc51e786", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2012/dsa-2576", "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/22904/", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0698_denial_of", "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=781648", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80226", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003."}, {"lang": "es", "value": "tcsd en TrouSerS antes de v0.3.10 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de un valor type_offset modificado en un paquete TCP al puerto 30003."}], "lastModified": "2023-11-07T02:10:01.203", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trustedcomputinggroup:trousers:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B26BB7FF-78B5-4403-8B3B-F58F1935BF6B", "versionEndIncluding": "0.3.9"}, {"criteria": "cpe:2.3:a:trustedcomputinggroup:trousers:0.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE19CB10-C035-4B8D-84FF-AB8A966C5EFD"}, {"criteria": "cpe:2.3:a:trustedcomputinggroup:trousers:0.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90D36A6D-9B71-4178-A378-02C7697CF4A7"}, {"criteria": "cpe:2.3:a:trustedcomputinggroup:trousers:0.2.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76ADC112-FD85-440C-AAC1-61D5823D6D33"}, {"criteria": "cpe:2.3:a:trustedcomputinggroup:trousers:0.2.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE01B981-2777-4F9B-BE21-9D4C45FED2FB"}, {"criteria": "cpe:2.3:a:trustedcomputinggroup:trousers:0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD2A21D4-0CD4-4F86-B62E-EF709A7385C7"}, {"criteria": "cpe:2.3:a:trustedcomputinggroup:trousers:0.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57B39D1D-4E95-4B7D-8350-CE28143040ED"}, {"criteria": "cpe:2.3:a:trustedcomputinggroup:trousers:0.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D27E537A-ED8C-489B-A168-B91F8480FEDF"}, {"criteria": "cpe:2.3:a:trustedcomputinggroup:trousers:0.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63026279-C382-4D29-AC6F-4694473AA0A4"}, {"criteria": "cpe:2.3:a:trustedcomputinggroup:trousers:0.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8C5ABBC-BA8B-4117-BBFA-05D7939659DE"}, {"criteria": "cpe:2.3:a:trustedcomputinggroup:trousers:0.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32F8EDAB-E94F-4B51-B1EE-4D91BD309C4E"}, {"criteria": "cpe:2.3:a:trustedcomputinggroup:trousers:0.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56532F08-D7E0-4D1F-BE96-7B0723A05902"}, {"criteria": "cpe:2.3:a:trustedcomputinggroup:trousers:0.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B9BE423-849E-42B6-AADA-6962BD3211E2"}, {"criteria": "cpe:2.3:a:trustedcomputinggroup:trousers:0.3.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33E8A081-91EC-4A50-BBC5-57EAB15840A3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

5.0 /10