Details of VAR-200809-0222

ID

VAR-200809-0222

CVE

CVE-2008-3936

TITLE

Dreambox DM500C of Web Service disruption at the interface (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2008-003408

DESCRIPTION

The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI. The DreamBox DM500 series is an intelligent set-top box device. DreamBox DM500 incorrectly submits a URL request containing a directory traversal character. A remote attacker can exploit the vulnerability to view system file information in the application context. Dreambox is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the affected device, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. Dreambox DM500C is vulnerable; other models may also be affected. DreamBox DM500 products are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input. Information harvested may aid in launching further attacks. The Dreambox is a series of Linux-powered DVB satellite, terrestrial and cable digital television receivers (set-top box).Dreambox suffers from a file download vulnerability thru directory traversal with appending the '/' character in the HTTP GET method of the affected host address. The attacker can get to sensitive information like paid channel keys, usernames, passwords, config and plug-ins info, etc.Tested on: Linux Kernel 2.6.9, The Gemini Project, Enigma. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Dreambox DM500 Long Requests Denial of Service Vulnerability SECUNIA ADVISORY ID: SA31650 VERIFY ADVISORY: http://secunia.com/advisories/31650/ CRITICAL: Not critical IMPACT: DoS WHERE: >From local network OPERATING SYSTEM: Dreambox DM500 http://secunia.com/product/19701/ DESCRIPTION: Marc Ruef has reported a vulnerability in Dreambox DM500, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the web interface when processing overly long requests. This can be exploited to cause a DoS by sending malicious requests to a vulnerable device. SOLUTION: Use a firewall or proxy to filter malicious requests. PROVIDED AND/OR DISCOVERED BY: Marc Ruef, scip AG ORIGINAL ADVISORY: http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807 http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064115.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.88

sources: NVD: CVE-2008-3936 // JVNDB: JVNDB-2008-003408 // CNVD: CNVD-2011-1870 // BID: 30919 // BID: 47844 // ZSL: ZSL-2011-5013 // PACKETSTORM: 69522

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2011-1870

AFFECTED PRODUCTS

vendor:	dreambox	model:	dm500c	scope:	-	version:	-	Trust: 1.4
vendor:	dreambox	model:	dm500c	scope:	eq	version:	*	Trust: 1.0
vendor:	dream	model:	multimedia dreambox dm500s	scope:	-	version:	-	Trust: 0.9
vendor:	dream	model:	multimedia dreambox dm500	scope:	-	version:	-	Trust: 0.9
vendor:	dream	model:	multimedia dreambox dm500+	scope:	-	version:	-	Trust: 0.9
vendor:	dream	model:	multimedia dreambox dm500hd	scope:	-	version:	-	Trust: 0.9
vendor:	dream	model:	multimedia dreambox dm500c	scope:	-	version:	-	Trust: 0.3
vendor:	dream	model:	multimedia dreambox dm800	scope:	-	version:	-	Trust: 0.3
vendor:	dream multimedia	model:	dreambox dm	scope:	eq	version:	dm500hd and dm500s	Trust: 0.1

sources: ZSL: ZSL-2011-5013 // CNVD: CNVD-2011-1870 // BID: 30919 // BID: 47844 // JVNDB: JVNDB-2008-003408 // CNNVD: CNNVD-200809-092 // NVD: CVE-2008-3936

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-3936
value:	HIGH
Trust: 1.0
NVD:	CVE-2008-3936
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200809-092
value:	HIGH
Trust: 0.6
ZSL:	ZSL-2011-5013
value:	(3/5)
Trust: 0.1

nvd@nist.gov:	CVE-2008-3936
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: ZSL: ZSL-2011-5013 // JVNDB: JVNDB-2008-003408 // CNNVD: CNNVD-200809-092 // NVD: CVE-2008-3936

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2008-003408 // NVD: CVE-2008-3936

THREAT TYPE

network

Trust: 0.6

sources: BID: 30919 // BID: 47844

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200809-092

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-003408

EXPLOIT AVAILABILITY

sources: ZSL: ZSL-2011-5013

PATCH

title:

Top Page

url:

http://www.dream-multimedia-tv.de/

Trust: 0.8

sources: JVNDB: JVNDB-2008-003408

EXTERNAL IDS

db:	NVD	id:	CVE-2008-3936	Trust: 2.7
db:	BID	id:	30919	Trust: 1.9
db:	SECUNIA	id:	31650	Trust: 1.8
db:	SREASON	id:	4221	Trust: 1.6
db:	VUPEN	id:	ADV-2008-2472	Trust: 1.6
db:	SECTRACK	id:	1020784	Trust: 1.6
db:	BID	id:	47844	Trust: 1.0
db:	JVNDB	id:	JVNDB-2008-003408	Trust: 0.8
db:	CNVD	id:	CNVD-2011-1870	Trust: 0.6
db:	FULLDISC	id:	20080829 [SCIP_ADVISORY 3807] DREAMBOX DM500 WEBSERVER LONG URL REQUEST DENIAL OF SERVICE	Trust: 0.6
db:	XF	id:	44788	Trust: 0.6
db:	BUGTRAQ	id:	20080829 [SCIP_ADVISORY 3807] DREAMBOX DM500 WEBSERVER LONG URL REQUEST DENIAL OF SERVICE	Trust: 0.6
db:	CNNVD	id:	CNNVD-200809-092	Trust: 0.6
db:	EXPLOIT-DB	id:	17279	Trust: 0.1
db:	XF	id:	67456	Trust: 0.1
db:	PACKETSTORM	id:	101385	Trust: 0.1
db:	ZSL	id:	ZSL-2011-5013	Trust: 0.1
db:	PACKETSTORM	id:	69522	Trust: 0.1

sources: ZSL: ZSL-2011-5013 // CNVD: CNVD-2011-1870 // BID: 30919 // BID: 47844 // JVNDB: JVNDB-2008-003408 // PACKETSTORM: 69522 // CNNVD: CNNVD-200809-092 // NVD: CVE-2008-3936

REFERENCES

url:	http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807	Trust: 1.7
url:	http://lists.grok.org.uk/pipermail/full-disclosure/2008-august/064115.html	Trust: 1.7
url:	http://www.securitytracker.com/id?1020784	Trust: 1.6
url:	http://www.securityfocus.com/bid/30919	Trust: 1.6
url:	http://securityreason.com/securityalert/4221	Trust: 1.6
url:	http://secunia.com/advisories/31650	Trust: 1.6
url:	http://www.securityfocus.com/archive/1/495837/100/0/threaded	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/44788	Trust: 1.0
url:	http://www.vupen.com/english/advisories/2008/2472	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3936	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3936	Trust: 0.8
url:	http://www.securityfocus.com/bid/47844/	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/44788	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/495837/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2008/2472	Trust: 0.6
url:	http://www.dream-multimedia-tv.de/english/products_dm500.php	Trust: 0.3
url:	/archive/1/495837	Trust: 0.3
url:	http://www.dream-multimedia-tv.de	Trust: 0.3
url:	http://secunia.com/advisories/31650/	Trust: 0.2
url:	http://packetstormsecurity.org/files/101385	Trust: 0.1
url:	http://www.exploit-db.com/exploits/17279/	Trust: 0.1
url:	http://www.securityfocus.com/bid/47844	Trust: 0.1
url:	http://securityreason.com/exploitalert/10427	Trust: 0.1
url:	http://xforce.iss.net/xforce/xfdb/67456	Trust: 0.1
url:	http://www.vfocus.net/art/20110517/9000.html	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/hardcore_disassembler_and_reverse_engineer/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/19701/	Trust: 0.1
url:	http://secunia.com/secunia_security_specialist/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

CREDITS

Marc Ruef

Trust: 0.3

sources: BID: 30919

SOURCES

db:	ZSL	id:	ZSL-2011-5013
db:	CNVD	id:	CNVD-2011-1870
db:	BID	id:	30919
db:	BID	id:	47844
db:	JVNDB	id:	JVNDB-2008-003408
db:	PACKETSTORM	id:	69522
db:	CNNVD	id:	CNNVD-200809-092
db:	NVD	id:	CVE-2008-3936

LAST UPDATE DATE

2025-04-10T23:09:31.898000+00:00

SOURCES UPDATE DATE

db:	ZSL	id:	ZSL-2011-5013	date:	2011-06-27T00:00:00
db:	CNVD	id:	CNVD-2011-1870	date:	2011-05-16T00:00:00
db:	BID	id:	30919	date:	2015-05-07T17:24:00
db:	BID	id:	47844	date:	2011-06-28T17:00:00
db:	JVNDB	id:	JVNDB-2008-003408	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200809-092	date:	2009-01-29T00:00:00
db:	NVD	id:	CVE-2008-3936	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	ZSL	id:	ZSL-2011-5013	date:	2011-05-13T00:00:00
db:	CNVD	id:	CNVD-2011-1870	date:	2011-05-16T00:00:00
db:	BID	id:	30919	date:	2008-08-29T00:00:00
db:	BID	id:	47844	date:	2011-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2008-003408	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	69522	date:	2008-09-03T00:17:02
db:	CNNVD	id:	CNNVD-200809-092	date:	2008-09-05T00:00:00
db:	NVD	id:	CVE-2008-3936	date:	2008-09-05T15:08:00