Vulnerability Description
The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier for Windows allows remote attackers to cause (1) a denial of service (daemon crash) via an invalid Version field or (2) a denial of service (CPU consumption and daemon termination) via an invalid or partial message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netopia | Timbuktu Pro | 8.6.5 |
Related Weaknesses (CWE)
References
- http://aluigi.altervista.org/adv/timbuto-adv.txt
- http://aluigi.org/poc/timbuto.zip (Exploit)
- http://secunia.com/advisories/29316 (Vendor Advisory)
- http://securityreason.com/securityalert/3741
- http://www.securityfocus.com/archive/1/489360/100/0/threaded
- http://www.vupen.com/english/advisories/2008/0840
FAQ
What is CVE-2008-1337?
CVE-2008-1337 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier for Windows allows remote attackers to cause (1) a denial of service (daemon crash) via an invalid Version field or (2) a denial of...
How severe is CVE-2008-1337?
CVE-2008-1337 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1337?
Check the references section above for vendor advisories and patch information. Affected products include: Netopia Timbuktu Pro.