CVE-2008-2748

Current Description

Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a denial of service (daemon hang) via a series of long, malformed connect packets, related to these packets being "parsed multiple times."

Basic Data

PublishedJune 18, 2008
Last ModifiedOctober 11, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-20
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score5.0
SeverityMEDIUM
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationSkulltag TeamSkulltag0.95c*******
    2.3ApplicationSkulltag TeamSkulltag0.95d*******
    2.3ApplicationSkulltag TeamSkulltag0.95e*******
    2.3ApplicationSkulltag TeamSkulltag0.95f*******
    2.3ApplicationSkulltag TeamSkulltag0.95g*******
    2.3ApplicationSkulltag TeamSkulltag0.95h*******
    2.3ApplicationSkulltag TeamSkulltag0.95i*******
    2.3ApplicationSkulltag TeamSkulltag0.95j*******
    2.3ApplicationSkulltag TeamSkulltag0.95k*******
    2.3ApplicationSkulltag TeamSkulltag0.96b*******
    2.3ApplicationSkulltag TeamSkulltag0.96c*******
    2.3ApplicationSkulltag TeamSkulltag0.96d*******
    2.3ApplicationSkulltag TeamSkulltag0.96e*******
    2.3ApplicationSkulltag TeamSkulltag0.96f*******
    2.3ApplicationSkulltag TeamSkulltag0.97b*******
    2.3ApplicationSkulltag TeamSkulltag0.97c*******
    2.3ApplicationSkulltag TeamSkulltag0.97c2*******
    2.3ApplicationSkulltag TeamSkulltag0.97c3*******
    2.3ApplicationSkulltag TeamSkulltag0.97d*******
    2.3ApplicationSkulltag TeamSkulltag0.97dbeta_1******
    2.3ApplicationSkulltag TeamSkulltag0.97dbeta_2******
    2.3ApplicationSkulltag TeamSkulltag0.97dbeta_3******
    2.3ApplicationSkulltag TeamSkulltag0.97dbeta_4******
    2.3ApplicationSkulltag TeamSkulltag0.97dbeta_4.1******
    2.3ApplicationSkulltag TeamSkulltag0.97dbeta_4.2******
    2.3ApplicationSkulltag TeamSkulltag0.97dbeta_4.3******
    2.3ApplicationSkulltag TeamSkulltag0.97drc10******
    2.3ApplicationSkulltag TeamSkulltag0.97drc9******
    2.3ApplicationSkulltag TeamSkulltag0.97d2rc2******
    2.3ApplicationSkulltag TeamSkulltag0.97d2rc3******

Vulnerable Software List

VendorProductVersions
Skulltag Team Skulltag 0.95c, 0.95d, 0.95e, 0.95f, 0.95g, 0.95h, 0.95i, 0.95j, 0.95k, 0.96b, 0.96c, 0.96d, 0.96e, 0.96f, 0.97b, 0.97c, 0.97c2, 0.97c3, 0.97d, 0.97d2

References

NameSourceURLTags
http://aluigi.org/poc/skulltagloop.ziphttp://aluigi.org/poc/skulltagloop.zipMISC
30668http://secunia.com/advisories/30668SECUNIAVendor Advisory
3953http://securityreason.com/securityalert/3953SREASON
http://skulltag.com/testing/public/Skulltag%20Version%20History.txthttp://skulltag.com/testing/public/Skulltag%20Version%20History.txtCONFIRM
20080616 Server freezed in Skulltag 0.97d2-RC2http://www.securityfocus.com/archive/1/493386/100/0/threadedBUGTRAQ
29760http://www.securityfocus.com/bid/29760BID
skulltag-packet-dos(43125)https://exchange.xforce.ibmcloud.com/vulnerabilities/43125XF