Sign-up

ID

VAR-200804-0377


CVE

CVE-2008-1905


TITLE

Nero MediaHome NMMediaServer.EXE Remote Denial of Service Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2008-1924 // BID: 28775

DESCRIPTION

NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in Nero 8.3.2.1 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long HTTP request to TCP port 54444, a different vector than CVE-2007-2322. Nero MediaHome is a media server component in the Nero suite that allows media files to be shared on a local area network. Nero MediaHome is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. An attacker can exploit this issue to crash the affected application, denying further service to legitimate users. This issue affects Nero MediaHome 3.3.3.0. Other versions may also be affected. ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta 17 days left of beta period. The 1st generation of the Secunia Network Software Inspector (NSI) has been available for corporate users for almost 1 year and its been a tremendous success. The 2nd generation Secunia NSI is built on the same technology as the award winning Secunia PSI, which has already been downloaded and installed on more than 400,000 computers world wide. Learn more / Download (instant access): http://secunia.com/network_software_inspector_2/ ---------------------------------------------------------------------- TITLE: Nero MediaHome Denial of Service Vulnerability SECUNIA ADVISORY ID: SA29808 VERIFY ADVISORY: http://secunia.com/advisories/29808/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network SOFTWARE: Nero MediaHome 3.x http://secunia.com/product/17236/ DESCRIPTION: Luigi Auriemma has discovered a vulnerability in Nero MediaHome, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL-pointer dereference error in NMMediaServer.exe and can be exploited to cause the process to crash via e.g. sending an overly long string to default port 54444/TCP. SOLUTION: Use in a trusted network environment only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/neromedia-adv.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.61

sources: NVD: CVE-2008-1905 // JVNDB: JVNDB-2008-004363 // CNVD: CNVD-2008-1924 // BID: 28775 // VULMON: CVE-2008-1905 // PACKETSTORM: 65479

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2008-1924

AFFECTED PRODUCTS

vendor:neromodel:neroscope:lteversion:8.3.2.1

Trust: 1.8

vendor:neromodel:mediahomescope:lteversion:3.3.3.0

Trust: 1.8

vendor:neromodel:mediahomescope:eqversion:3.3.3.0

Trust: 0.9

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:neromodel:neroscope:eqversion:8.3.2.1

Trust: 0.6

sources: CNVD: CNVD-2008-1924 // BID: 28775 // JVNDB: JVNDB-2008-004363 // CNNVD: CNNVD-200804-324 // NVD: CVE-2008-1905

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-1905
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-1905
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2008-1924
value: HIGH

Trust: 0.6

CNNVD: CNNVD-200804-324
value: MEDIUM

Trust: 0.6

VULMON: CVE-2008-1905
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-1905
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2008-1924
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2008-1924 // VULMON: CVE-2008-1905 // JVNDB: JVNDB-2008-004363 // CNNVD: CNNVD-200804-324 // NVD: CVE-2008-1905

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2008-004363 // NVD: CVE-2008-1905

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200804-324

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200804-324

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-004363

PATCH
title:MediaHomeurl:http://www.nero.com/enu/mediahome4-introduction.html?NeroSID=3180c228999fe123c559f7372de4ba86
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-004363

EXTERNAL IDS
db:NVDid:CVE-2008-1905
Trust: 2.8
db:SECUNIAid:29808
Trust: 2.4
db:BIDid:28775
Trust: 2.0
db:VUPENid:ADV-2008-1216
Trust: 1.7
db:JVNDBid:JVNDB-2008-004363
Trust: 0.8
db:CNVDid:CNVD-2008-1924
Trust: 0.6
db:CNNVDid:CNNVD-200804-324
Trust: 0.6
db:VULMONid:CVE-2008-1905
Trust: 0.1
db:PACKETSTORMid:65479
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2008-1924 // 
            
            
            
            VULMON: CVE-2008-1905 // 
            
            
            
            BID: 28775 // 
            
            
            
            JVNDB: JVNDB-2008-004363 // 
            
            
            
            PACKETSTORM: 65479 // 
            
            
            
            CNNVD: CNNVD-200804-324 // 
            
            
            
            NVD: CVE-2008-1905

REFERENCES
url:http://aluigi.altervista.org/adv/neromedia-adv.txt
Trust: 2.1
url:http://secunia.com/advisories/29808
Trust: 1.7
url:http://www.vupen.com/english/advisories/2008/1216/references
Trust: 1.1
url:http://www.securityfocus.com/bid/28775
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/41795
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1905
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1905
Trust: 0.8
url:http://secunia.com/advisories/29808/
Trust: 0.7
url:http://www.frsirt.com/english/advisories/2008/1216/references
Trust: 0.6
url:http://www.nero.com/nero7/eng/nero_mediahome.html
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/product/17236/
Trust: 0.1
url:http://secunia.com/network_software_inspector_2/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2008-1924 // 
            
            
            
            VULMON: CVE-2008-1905 // 
            
            
            
            BID: 28775 // 
            
            
            
            JVNDB: JVNDB-2008-004363 // 
            
            
            
            PACKETSTORM: 65479 // 
            
            
            
            CNNVD: CNNVD-200804-324 // 
            
            
            
            NVD: CVE-2008-1905

CREDITS
Luigi Auriemma
Trust: 0.3
sources:
            
            
            BID: 28775

SOURCES
db:CNVDid:CNVD-2008-1924
db:VULMONid:CVE-2008-1905
db:BIDid:28775
db:JVNDBid:JVNDB-2008-004363
db:PACKETSTORMid:65479
db:CNNVDid:CNNVD-200804-324
db:NVDid:CVE-2008-1905

LAST UPDATE DATE
2025-04-10T23:20:52.451000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2008-1924date:2014-01-24T00:00:00
db:VULMONid:CVE-2008-1905date:2017-08-08T00:00:00
db:BIDid:28775date:2015-05-07T17:29:00
db:JVNDBid:JVNDB-2008-004363date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200804-324date:2008-09-05T00:00:00
db:NVDid:CVE-2008-1905date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:CNVDid:CNVD-2008-1924date:2008-04-14T00:00:00
db:VULMONid:CVE-2008-1905date:2008-04-22T00:00:00
db:BIDid:28775date:2008-04-14T00:00:00
db:JVNDBid:JVNDB-2008-004363date:2012-09-25T00:00:00
db:PACKETSTORMid:65479date:2008-04-14T21:48:17
db:CNNVDid:CNNVD-200804-324date:2008-04-22T00:00:00
db:NVDid:CVE-2008-1905date:2008-04-22T04:41:00