Sign-up

ID

VAR-200805-0149


CVE

CVE-2008-2092


TITLE

Linksys SPA-2102 Phone Adapter Packet Handling Denial of Service Vulnerability

Trust: 0.9

sources: BID: 28414 // CNNVD: CNNVD-200805-044

DESCRIPTION

Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: the severity of this issue has been disputed since there are limited attack scenarios. Linksys SPA-2102 Phone Adapter is prone to a denial-of-service vulnerability when handling multiple packets in quick succession. Attackers can exploit this issue to deny access to the device's control center for legitimate users. Reports indicate that this issue is exploitable only via computers on the same LAN as the device. Linksys SPA-2102 Phone Adapter running firmware 3.3.6 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta 4 days left of beta period. The 1st generation of the Secunia Network Software Inspector (NSI) has been available for corporate users for almost 1 year and its been a tremendous success. The 2nd generation Secunia NSI is built on the same technology as the award winning Secunia PSI, which has already been downloaded and installed on more than 400,000 computers world wide. The vulnerability is caused due to an error in the processing of overly large ping packets and can be exploited to e.g. cause the web interface to become inaccessible. The vulnerability is reported in version 3.3.6. Other versions may also be affected. SOLUTION: Restrict network access to the device. PROVIDED AND/OR DISCOVERED BY: sipher ORIGINAL ADVISORY: http://seclists.org/bugtraq/2008/Mar/0301.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-2092 // JVNDB: JVNDB-2008-004399 // BID: 28414 // VULHUB: VHN-32217 // PACKETSTORM: 65807

AFFECTED PRODUCTS

vendor:linksysmodel:spa-2102 phone adapterscope:eqversion:3.3.6

Trust: 1.9

vendor:cisco linksysmodel:spa-2102 phone adapterscope:eqversion:3.3.6

Trust: 0.8

sources: BID: 28414 // JVNDB: JVNDB-2008-004399 // CNNVD: CNNVD-200805-044 // NVD: CVE-2008-2092

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-2092
value: HIGH

Trust: 1.0

NVD: CVE-2008-2092
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200805-044
value: HIGH

Trust: 0.6

VULHUB: VHN-32217
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-2092
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-32217
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-32217 // JVNDB: JVNDB-2008-004399 // CNNVD: CNNVD-200805-044 // NVD: CVE-2008-2092

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-32217 // JVNDB: JVNDB-2008-004399 // NVD: CVE-2008-2092

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200805-044

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200805-044

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-004399

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-32217

PATCH
title:Linksysurl:http://home.cisco.com/en-apac/home
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-004399

EXTERNAL IDS
db:NVDid:CVE-2008-2092
Trust: 2.8
db:BIDid:28414
Trust: 2.0
db:SECUNIAid:29523
Trust: 1.8
db:JVNDBid:JVNDB-2008-004399
Trust: 0.8
db:CNNVDid:CNNVD-200805-044
Trust: 0.7
db:XFid:41436
Trust: 0.6
db:XFid:2102
Trust: 0.6
db:BUGTRAQid:20080324 RE: RE: LINKSYS PHONE ADAPTER DENIAL OF SERVICE
Trust: 0.6
db:BUGTRAQid:20080325 RE: LINKSYS PHONE ADAPTER DENIAL OF SERVICE
Trust: 0.6
db:BUGTRAQid:20080324 LINKSYS PHONE ADAPTER DENIAL OF SERVICE
Trust: 0.6
db:BUGTRAQid:20080324 RE: LINKSYS PHONE ADAPTER DENIAL OF SERVICE
Trust: 0.6
db:SEEBUGid:SSVID-84804
Trust: 0.1
db:EXPLOIT-DBid:31478
Trust: 0.1
db:VULHUBid:VHN-32217
Trust: 0.1
db:PACKETSTORMid:65807
Trust: 0.1
sources:
            
            
            VULHUB: VHN-32217 // 
            
            
            
            BID: 28414 // 
            
            
            
            JVNDB: JVNDB-2008-004399 // 
            
            
            
            PACKETSTORM: 65807 // 
            
            
            
            CNNVD: CNNVD-200805-044 // 
            
            
            
            NVD: CVE-2008-2092

REFERENCES
url:http://www.securityfocus.com/bid/28414
Trust: 1.7
url:http://secunia.com/advisories/29523
Trust: 1.7
url:http://marc.info/?l=bugtraq&m=120645736414059&w=2
Trust: 1.6
url:http://marc.info/?l=bugtraq&m=120638296821936&w=2
Trust: 1.6
url:http://marc.info/?l=bugtraq&m=120638162819268&w=2
Trust: 1.6
url:http://marc.info/?l=bugtraq&m=120637551306325&w=2
Trust: 1.6
url:http://marc.info/?l=bugtraq&m=120637257800425&w=2
Trust: 1.6
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/41436
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2092
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2092
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/41436
Trust: 0.6
url:http://www.linksys.com/
Trust: 0.3
url:/archive/1/489995
Trust: 0.3
url:http://marc.info/?l=bugtraq&m=120637257800425&w=2
Trust: 0.1
url:http://marc.info/?l=bugtraq&m=120637551306325&w=2
Trust: 0.1
url:http://marc.info/?l=bugtraq&m=120638296821936&w=2
Trust: 0.1
url:http://marc.info/?l=bugtraq&m=120638162819268&w=2
Trust: 0.1
url:http://marc.info/?l=bugtraq&m=120645736414059&w=2
Trust: 0.1
url:http://secunia.com/product/18428/
Trust: 0.1
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/network_software_inspector_2/
Trust: 0.1
url:http://secunia.com/advisories/29523/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
url:http://seclists.org/bugtraq/2008/mar/0301.html
Trust: 0.1
sources:
            
            
            VULHUB: VHN-32217 // 
            
            
            
            BID: 28414 // 
            
            
            
            JVNDB: JVNDB-2008-004399 // 
            
            
            
            PACKETSTORM: 65807 // 
            
            
            
            CNNVD: CNNVD-200805-044 // 
            
            
            
            NVD: CVE-2008-2092

CREDITS
sipher
Trust: 0.9
sources:
            
            
            BID: 28414 // 
            
            
            
            CNNVD: CNNVD-200805-044

SOURCES
db:VULHUBid:VHN-32217
db:BIDid:28414
db:JVNDBid:JVNDB-2008-004399
db:PACKETSTORMid:65807
db:CNNVDid:CNNVD-200805-044
db:NVDid:CVE-2008-2092

LAST UPDATE DATE
2025-04-10T23:19:02.910000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-32217date:2017-08-08T00:00:00
db:BIDid:28414date:2015-05-07T17:32:00
db:JVNDBid:JVNDB-2008-004399date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200805-044date:2008-09-05T00:00:00
db:NVDid:CVE-2008-2092date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-32217date:2008-05-06T00:00:00
db:BIDid:28414date:2008-03-24T00:00:00
db:JVNDBid:JVNDB-2008-004399date:2012-09-25T00:00:00
db:PACKETSTORMid:65807date:2008-04-28T14:37:56
db:CNNVDid:CNNVD-200805-044date:2008-05-06T00:00:00
db:NVDid:CVE-2008-2092date:2008-05-06T16:20:00