symantec_antivirus_scan_engine,scan_engine,symantec_antivirus_filtering_domino_mpe,symantec_antivirus_ms_isa,symantec_antivirus_microsoft_sharepoint,symantec_antivirus_messaging,symantec_mail_security_exchange,symantec_antivirus_scan_engine_caching,symantec_antivirus_clearswift,symantec_antivirus_network_attached_storage 拒绝服务漏洞

CVE编号

CVE-2008-0308

利用情况

暂无

补丁情况

N/A

披露时间

2008-02-29
漏洞描述
Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to cause a denial of service (memory consumption) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=666
http://secunia.com/advisories/29140
http://www.securityfocus.com/bid/27911
http://www.securitytracker.com/id?1019503
http://www.symantec.com/avcenter/security/Content/2008.02.27.html
http://www.vupen.com/english/advisories/2008/0680
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
应用 symantec scan_engine * Up to
(including)
5.1.4.24
运行在以下环境
应用 symantec symantec_antivirus_clearswift * Up to
(including)
4.3.16.39
运行在以下环境
应用 symantec symantec_antivirus_filtering_domino_mpe * Up to
(including)
3.0.12
运行在以下环境
应用 symantec symantec_antivirus_messaging * Up to
(including)
4.3.16.39
运行在以下环境
应用 symantec symantec_antivirus_microsoft_sharepoint * Up to
(including)
4.3.16.39
运行在以下环境
应用 symantec symantec_antivirus_ms_isa * Up to
(including)
4.3.16.39
运行在以下环境
应用 symantec symantec_antivirus_network_attached_storage * Up to
(including)
4.3.16.39
运行在以下环境
应用 symantec symantec_antivirus_scan_engine * Up to
(including)
4.3.16.39
运行在以下环境
应用 symantec symantec_antivirus_scan_engine_caching * Up to
(including)
4.3.16.39
运行在以下环境
应用 symantec symantec_mail_security_exchange * Up to
(including)
4.6.5.12
运行在以下环境
应用 symantec symantec_mail_security_exchange * Up to
(including)
5.0.4.363
CVSS3评分
7.1
  • 攻击路径
    网络
  • 攻击复杂度
    N/A
  • 权限要求
  • 影响范围
    N/A
  • 用户交互
  • 可用性
    完全地
  • 保密性
  • 完整性
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE-ID 漏洞类型
CWE-399 资源管理错误
阿里云安全产品覆盖情况