Details of VAR-200809-0162

ID

VAR-200809-0162

CVE

CVE-2008-4193

TITLE

SecurityGateway 'SecurityGateway.dll' Remote Buffer Overflow Vulnerability

Trust: 0.9

sources: BID: 29457 // CNNVD: CNNVD-200809-345

DESCRIPTION

Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter. SecurityGateway is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer. Failed exploit attempts will result in a denial-of-service condition. SecurityGateway 1.0.1 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Alt-N SecurityGateway "username" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA30497 VERIFY ADVISORY: http://secunia.com/advisories/30497/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: Alt-N SecurityGateway 1.x http://secunia.com/product/18916/ DESCRIPTION: securfrog has discovered a vulnerability in Alt-N SecurityGateway, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the processing of HTTP requests sent to the administrative web interface. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 1.0.1. SOLUTION: Restrict network access to the administrative web interface. PROVIDED AND/OR DISCOVERED BY: securfrog ORIGINAL ADVISORY: http://milw0rm.com/exploits/5718 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-4193 // JVNDB: JVNDB-2008-003460 // BID: 29457 // VULHUB: VHN-34318 // PACKETSTORM: 66887

AFFECTED PRODUCTS

vendor:

alt n

model:

securitygateway

scope:

version:

1.0.1

Trust: 2.4

sources: JVNDB: JVNDB-2008-003460 // CNNVD: CNNVD-200809-345 // NVD: CVE-2008-4193

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-4193
value:	HIGH
Trust: 1.0
NVD:	CVE-2008-4193
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200809-345
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-34318
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2008-4193
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-34318
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-34318 // JVNDB: JVNDB-2008-003460 // CNNVD: CNNVD-200809-345 // NVD: CVE-2008-4193

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-34318 // JVNDB: JVNDB-2008-003460 // NVD: CVE-2008-4193

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200809-345

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200809-345

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-003460

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-34318

PATCH

title:

SecurityGateway for Exchange/SMTP v2.0 Release Notes

url:

http://files.altn.com/securitygateway/release/relnotes_en.htm

Trust: 0.8

sources: JVNDB: JVNDB-2008-003460

EXTERNAL IDS

db:	NVD	id:	CVE-2008-4193	Trust: 2.8
db:	BID	id:	29457	Trust: 2.0
db:	SECUNIA	id:	30497	Trust: 1.9
db:	EXPLOIT-DB	id:	5718	Trust: 1.8
db:	SREASON	id:	4302	Trust: 1.7
db:	EXPLOIT-DB	id:	5827	Trust: 1.7
db:	SECTRACK	id:	1020156	Trust: 1.7
db:	VUPEN	id:	ADV-2008-1717	Trust: 1.7
db:	JVNDB	id:	JVNDB-2008-003460	Trust: 0.8
db:	MILW0RM	id:	5827	Trust: 0.6
db:	MILW0RM	id:	5718	Trust: 0.6
db:	XF	id:	42769	Trust: 0.6
db:	CNNVD	id:	CNNVD-200809-345	Trust: 0.6
db:	SEEBUG	id:	SSVID-71305	Trust: 0.1
db:	PACKETSTORM	id:	84567	Trust: 0.1
db:	EXPLOIT-DB	id:	16803	Trust: 0.1
db:	VULHUB	id:	VHN-34318	Trust: 0.1
db:	PACKETSTORM	id:	66887	Trust: 0.1

sources: VULHUB: VHN-34318 // BID: 29457 // JVNDB: JVNDB-2008-003460 // PACKETSTORM: 66887 // CNNVD: CNNVD-200809-345 // NVD: CVE-2008-4193

REFERENCES

url:	http://www.securityfocus.com/bid/29457	Trust: 1.7
url:	http://files.altn.com/securitygateway/release/relnotes_en.htm	Trust: 1.7
url:	http://www.securitytracker.com/id?1020156	Trust: 1.7
url:	http://secunia.com/advisories/30497	Trust: 1.7
url:	http://securityreason.com/securityalert/4302	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2008/1717/references	Trust: 1.7
url:	https://www.exploit-db.com/exploits/5718	Trust: 1.1
url:	https://www.exploit-db.com/exploits/5827	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/42769	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4193	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4193	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/42769	Trust: 0.6
url:	http://www.milw0rm.com/exploits/5827	Trust: 0.6
url:	http://www.milw0rm.com/exploits/5718	Trust: 0.6
url:	http://www.altn.com/	Trust: 0.3
url:	http://www.altn.com/products/securitygateway-email-firewall/	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/18916/	Trust: 0.1
url:	http://secunia.com/hardcore_disassembler_and_reverse_engineer/	Trust: 0.1
url:	http://milw0rm.com/exploits/5718	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/secunia_security_specialist/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/30497/	Trust: 0.1

sources: VULHUB: VHN-34318 // BID: 29457 // JVNDB: JVNDB-2008-003460 // PACKETSTORM: 66887 // CNNVD: CNNVD-200809-345 // NVD: CVE-2008-4193

CREDITS

securfrog

Trust: 0.9

sources: BID: 29457 // CNNVD: CNNVD-200809-345

SOURCES

db:	VULHUB	id:	VHN-34318
db:	BID	id:	29457
db:	JVNDB	id:	JVNDB-2008-003460
db:	PACKETSTORM	id:	66887
db:	CNNVD	id:	CNNVD-200809-345
db:	NVD	id:	CVE-2008-4193

LAST UPDATE DATE

2025-04-10T23:16:34.117000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-34318	date:	2017-09-29T00:00:00
db:	BID	id:	29457	date:	2015-05-07T17:28:00
db:	JVNDB	id:	JVNDB-2008-003460	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200809-345	date:	2009-04-14T00:00:00
db:	NVD	id:	CVE-2008-4193	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-34318	date:	2008-09-24T00:00:00
db:	BID	id:	29457	date:	2008-06-01T00:00:00
db:	JVNDB	id:	JVNDB-2008-003460	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	66887	date:	2008-06-02T21:20:05
db:	CNNVD	id:	CNNVD-200809-345	date:	2008-09-24T00:00:00
db:	NVD	id:	CVE-2008-4193	date:	2008-09-24T11:42:25.297