ID

VAR-201202-0282


CVE

CVE-2012-1008


TITLE

OfficeSIP Server Input Validation Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2012-9092 // CNNVD: CNNVD-201202-145

DESCRIPTION

OfficeSIP Server There is a service disruption ( Daemon crash ) There is a vulnerability that becomes a condition.By a third party SIP INVITE Cleverly crafted in the message To Service disruption via header ( Daemon crash ) There is a possibility of being put into a state. A vulnerability exists in the OfficeSIP Server version 3.1. Successful exploits may allow the attacker to cause the application to crash, resulting in denial-of-service conditions

Trust: 1.53

sources: JVNDB: JVNDB-2012-001352 // CNVD: CNVD-2012-9092 // BID: 51828

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-9092

AFFECTED PRODUCTS

vendor:officesipmodel:serverscope:eqversion:3.1

Trust: 3.0

vendor:officesipmodel:communications officesip serverscope:eqversion:3.1

Trust: 0.3

sources: CNVD: CNVD-2012-9092 // BID: 51828 // JVNDB: JVNDB-2012-001352 // CNNVD: CNNVD-201202-145 // NVD: CVE-2012-1008

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1008
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-1008
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2012-9092
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201202-145
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2012-1008
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2012-9092
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2012-9092 // JVNDB: JVNDB-2012-001352 // CNNVD: CNNVD-201202-145 // NVD: CVE-2012-1008

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2012-001352 // NVD: CVE-2012-1008

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201202-145 // CNNVD: CNNVD-201202-053

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201202-145

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001352

PATCH

title:Top Pageurl:http://www.officesip.org/

Trust: 0.8

sources: JVNDB: JVNDB-2012-001352

EXTERNAL IDS

db:NVDid:CVE-2012-1008

Trust: 3.3

db:EXPLOIT-DBid:18453

Trust: 1.0

db:BIDid:51828

Trust: 0.9

db:JVNDBid:JVNDB-2012-001352

Trust: 0.8

db:CNVDid:CNVD-2012-9092

Trust: 0.6

db:CNNVDid:CNNVD-201202-145

Trust: 0.6

db:CNNVDid:CNNVD-201202-053

Trust: 0.6

sources: CNVD: CNVD-2012-9092 // BID: 51828 // JVNDB: JVNDB-2012-001352 // CNNVD: CNNVD-201202-145 // CNNVD: CNNVD-201202-053 // NVD: CVE-2012-1008

REFERENCES

url:http://secpod.org/advisories/secpod_exploit_officesip_server_dos_vuln.txt

Trust: 1.9

url:http://secpod.org/exploits/secpod_exploit_officesip_server_dos.py

Trust: 1.6

url:http://secpod.org/blog/?p=461

Trust: 1.6

url:http://www.exploit-db.com/exploits/18453

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1008

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1008

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/search-results?query=cve-2012-1008

Trust: 0.6

url:http://www.securityfocus.com/bid/51828

Trust: 0.6

url:http://www.officesip.com/index.html

Trust: 0.3

sources: CNVD: CNVD-2012-9092 // BID: 51828 // JVNDB: JVNDB-2012-001352 // CNNVD: CNNVD-201202-145 // CNNVD: CNNVD-201202-053 // NVD: CVE-2012-1008

CREDITS

Prabhu S Angadi of SecPod Technologies

Trust: 0.9

sources: BID: 51828 // CNNVD: CNNVD-201202-053

SOURCES

db:CNVDid:CNVD-2012-9092
db:BIDid:51828
db:JVNDBid:JVNDB-2012-001352
db:CNNVDid:CNNVD-201202-145
db:CNNVDid:CNNVD-201202-053
db:NVDid:CVE-2012-1008

LAST UPDATE DATE

2024-08-14T15:35:17.360000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-9092date:2012-02-09T00:00:00
db:BIDid:51828date:2012-02-09T12:00:00
db:JVNDBid:JVNDB-2012-001352date:2012-02-10T00:00:00
db:CNNVDid:CNNVD-201202-145date:2012-02-09T00:00:00
db:CNNVDid:CNNVD-201202-053date:2012-02-07T00:00:00
db:NVDid:CVE-2012-1008date:2013-07-26T06:40:59.807

SOURCES RELEASE DATE

db:CNVDid:CNVD-2012-9092date:2012-02-09T00:00:00
db:BIDid:51828date:2012-02-02T00:00:00
db:JVNDBid:JVNDB-2012-001352date:2012-02-10T00:00:00
db:CNNVDid:CNNVD-201202-145date:2012-02-09T00:00:00
db:CNNVDid:CNNVD-201202-053date:1900-01-01T00:00:00
db:NVDid:CVE-2012-1008date:2012-02-08T04:11:31.920