CVE-2008-2499 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2008-2499?

CVE-2008-2499 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-2499?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Lotus Sametime.

Vulnerability Description

Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Ibm	Lotus Sametime	<= 7.5

Related Weaknesses (CWE)

CWE-119

References

http://secunia.com/advisories/30309Third Party Advisory
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21303920Vendor Advisory
http://www.securityfocus.com/bid/29328ExploitThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1020093Third Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2008/1595/referencesThird Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-028/Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/42575Third Party AdvisoryVDB Entry
http://secunia.com/advisories/30309Third Party Advisory
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21303920Vendor Advisory
http://www.securityfocus.com/bid/29328ExploitThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1020093Third Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2008/1595/referencesThird Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-028/Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/42575Third Party AdvisoryVDB Entry

FAQ

What is CVE-2008-2499?

CVE-2008-2499 is a vulnerability with a CVSS score of 7.5 (HIGH). Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary...

How severe is CVE-2008-2499?

CVE-2008-2499 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-2499?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Lotus Sametime.