nvd-json-data-feeds/CVE-2004/CVE-2004-10xx/CVE-2004-1008.json

{
  "id": "CVE-2004-1008",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2005-01-10T05:00:00.000",
  "lastModified": "2017-07-11T01:30:39.357",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow."
    },
    {
      "lang": "es",
      "value": "Error de falta de signo en enteros en la funci\u00f3n ssh2_rdpkt en PuTTY anteriores a 0.56 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un paquete SSH2_MSG_DEBUG con un par\u00e1metro stringlen modificado, lo que conduce a un desbordamiento de b\u00fafer."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": true,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "1283B462-042C-4857-A700-4179AAE20E2F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "2791C9DD-F55D-4683-85AF-B6814C34EFBF"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:putty:putty:0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D7582C1-AA8E-41E4-9D69-9A18A5B76CB0"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:putty:putty:0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC082AE0-C49D-4944-BE76-B751DAD1EF84"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:putty:putty:0.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "23BAD8E4-2D3A-45EE-A25D-77BD698119BB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "58BA8E70-9491-4D4F-9182-2F48347BF6FC"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F7716EC-E0F9-4E50-8351-35D2F248B380"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:putty:putty:0.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C2BD4D-9817-459E-ACF4-9C95233200A2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:putty:putty:0.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "22EE5957-76F3-4B20-ADE7-E72D1300A3F0"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:tortoisecvs:tortoisecvs:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F8DFE94-B24C-4538-944F-3E609D5992D4"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://marc.info/?l=bugtraq&m=109889312917613&w=2",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://secunia.com/advisories/12987/",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://secunia.com/advisories/13012/",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://secunia.com/advisories/17214",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www-1.ibm.com/support/docview.wss?uid=ssg1S1002414",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www-1.ibm.com/support/docview.wss?uid=ssg1S1002416",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.chiark.greenend.org.uk/~sgtatham/putty/",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-29.xml",
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.idefense.com/application/poi/display?id=155&type=vulnerabilities&flashstatus=true",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.securityfocus.com/bid/11549",
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17886",
      "source": "cve@mitre.org"
    }
  ]
}