1. CVE-Search
  2. CVE-2008-0759
ID CVE-2008-0759
Summary ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allows remote attackers to cause a denial of service (daemon crash) via an invalid UAM field in a request to the Apple Filing Protocol (AFP) service on TCP port 548.
References
Vulnerable Configurations
  • cpe:2.3:a:group_logic:extremez-ip_file_server:*:*:*:*:*:*:*:*
    cpe:2.3:a:group_logic:extremez-ip_file_server:*:*:*:*:*:*:*:*
  • cpe:2.3:a:group_logic:extremez-ip_print_server:*:*:*:*:*:*:*:*
    cpe:2.3:a:group_logic:extremez-ip_print_server:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 15-10-2018 - 22:02)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 27718
bugtraq 20080211 Multiple vulnerabilities in EztremeZ-IP File and Printer Server 5.1.2x15
confirm http://www.grouplogic.com/files/ez/hot/hotFix51.cfm
misc
secunia 28862
vupen ADV-2008-0485
statements via4
contributor
lastmodified 2008-02-21
organization Group Logic
statement Group Logic has fixed this issue in the ExtremeZ-IP 5.1.3x03 hotfix released on February 20, 2008. The update is free for all customers with active service contracts who own a version 5.x license and can be downloaded from http://www.grouplogic.com/files/ez/hot/hotFix51.cfm
Last major update 15-10-2018 - 22:02
Published 13-02-2008 - 21:00
Last modified 15-10-2018 - 22:02
Back to Top