CVE-2008-1303: Input Validation
First published: Wed Mar 12 2008(Updated: )
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly unspecified other commands, which triggers a NULL pointer dereference.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Perforce Helix Core | <=2007.3_143793 | |
| Perforce Helix Core | =2000.1 | |
| Perforce Helix Core | =2000.2 | |
| Perforce Helix Core | =2001.1 | |
| Perforce Helix Core | =2001.2 | |
| Perforce Helix Core | =2002.1 | |
| Perforce Helix Core | =2002.2 | |
| Perforce Helix Core | =2003.1 | |
| Perforce Helix Core | =2003.2 | |
| Perforce Helix Core | =2004.2 | |
| Perforce Helix Core | =2005.1 | |
| Perforce Helix Core | =2005.2 | |
| Perforce Helix Core | =2006.1 | |
| Perforce Helix Core | =2006.2 | |
| Perforce Helix Core | =2007.2 | |
| Perforce Helix Core | =2007.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://aluigi.altervista.org/adv/perforces-adv.txt
- http://aluigi.org/poc/perforces.zip
- http://www.securityfocus.com/bid/28108
- http://secunia.com/advisories/29231
- http://securityreason.com/securityalert/3735
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41015
- http://www.securityfocus.com/archive/1/489179/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-1303?
CVE-2008-1303 is classified as a denial of service vulnerability.
How do I fix CVE-2008-1303?
To fix CVE-2008-1303, upgrade to a later version of Perforce Server that addresses the issue.
What versions of Perforce Server are affected by CVE-2008-1303?
CVE-2008-1303 affects Perforce Server versions up to and including 2007.3/143793.
What does CVE-2008-1303 exploit?
CVE-2008-1303 exploits missing parameters in several Perforce server commands, leading to a crash.
Can CVE-2008-1303 be exploited remotely?
Yes, CVE-2008-1303 can be exploited by remote attackers to cause a denial of service.
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/perforce
- canonical/perforce helix core
- version/perforce helix core/2007.3_143793
- version/perforce helix core/2000.1
- version/perforce helix core/2000.2
- version/perforce helix core/2001.1
- version/perforce helix core/2001.2
- version/perforce helix core/2002.1
- version/perforce helix core/2002.2
- version/perforce helix core/2003.1
- version/perforce helix core/2003.2
- version/perforce helix core/2004.2
- version/perforce helix core/2005.1
- version/perforce helix core/2005.2
- version/perforce helix core/2006.1
- version/perforce helix core/2006.2
- version/perforce helix core/2007.2
- version/perforce helix core/2007.3