var-200803-0282
Vulnerability from variot
Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibly other versions, allows remote attackers to execute arbitrary code via unknown vectors that trigger heap corruption. SAP MaxDB is prone to a heap-based memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Successfully exploiting this issue will compromise the affected application and possibly the underlying computer. This issue affects MaxDB 7.6.0.37 running on the Linux operating system. Other versions running on different platforms may also be affected. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: MaxDB Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA29312
VERIFY ADVISORY: http://secunia.com/advisories/29312/
CRITICAL: Highly critical
IMPACT: Privilege escalation, System access
WHERE:
From remote
SOFTWARE: MaxDB 7.x http://secunia.com/product/4012/
DESCRIPTION: Some vulnerabilities have been reported in MaxDB, which can be exploited by malicious, local users to gain escalated privileges, and by malicious people to potentially compromise a vulnerable system.
2) An error exists within the "sdbstarter" program when handling environment variables.
Successful exploitation requires that the attacker is a member of the "sdba" group.
PROVIDED AND/OR DISCOVERED BY: An anonymous researcher, reported via iDefense.
ORIGINAL ADVISORY: iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=669
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. iDefense Security Advisory 03.10.08 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 10, 2008
I. BACKGROUND
SAP's MaxDB is a database software product. MaxDB was released as open source from version 7.5 up to version 7.6.00. Later versions are no longer open source but are available for download from the SAP SDN website (sdn.sap.com) as a community edition with free community support for public use beyond the scope of SAP applications. The "vserver" program is responsible for accepting and handling communication with remote database clients. For more information, visit the product's website at the following URL.
https://www.sdn.sap.com/irj/sdn/maxdb
II.
After accepting a connection, the "vserver" process forks and reads parameters from the client into various structures. When doing so, it trusts values sent from the client to be valid. By sending a specially crafted request, an attacker can cause heap corruption. This leads to a potentially exploitable memory corruption condition.
III. In order to exploit this vulnerability, an attacker must be able to establish a TCP session on port 7210 with the target host. Additionally, the attacker must know the name of an active database on the server.
Since this service uses the fork() system call once a connection has been accepted, an attacker can repeatedly attempt to exploit this vulnerability. Some exploitation attempts may result in the database process ceasing to run, in which case further exploitation attempts will not be possible.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in SAP AG's MaxDB version 7.6.0.37 on Linux.
V. WORKAROUND
Employing firewalls to limit access to the affected service will mitigate exposure to this vulnerability.
VI. VENDOR RESPONSE
SAP AG has addressed this vulnerability by releasing a new version of MaxDB. For more information, consult SAP note 1140135.
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-0307 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
12/06/2007 Initial vendor notification 12/10/2007 Initial vendor response 03/10/2008 Coordinated public disclosure
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events http://labs.idefense.com/
X. LEGAL NOTICES
Copyright \xa9 2008 iDefense, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0282",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "maxdb",
"scope": "eq",
"trust": 2.7,
"vendor": "sap",
"version": "7.6.0.37"
}
],
"sources": [
{
"db": "BID",
"id": "28183"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-005381"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-177"
},
{
"db": "NVD",
"id": "CVE-2008-0307"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:sap:maxdb",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-005381"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iDEFENSE",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-177"
}
],
"trust": 0.6
},
"cve": "CVE-2008-0307",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2008-0307",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-0307",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2008-0307",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-177",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-005381"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-177"
},
{
"db": "NVD",
"id": "CVE-2008-0307"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibly other versions, allows remote attackers to execute arbitrary code via unknown vectors that trigger heap corruption. SAP MaxDB is prone to a heap-based memory-corruption vulnerability. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected application. Successfully exploiting this issue will compromise the affected application and possibly the underlying computer. \nThis issue affects MaxDB 7.6.0.37 running on the Linux operating system. Other versions running on different platforms may also be affected. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nMaxDB Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA29312\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/29312/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nPrivilege escalation, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nMaxDB 7.x\nhttp://secunia.com/product/4012/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in MaxDB, which can be\nexploited by malicious, local users to gain escalated privileges, and\nby malicious people to potentially compromise a vulnerable system. \n\n2) An error exists within the \"sdbstarter\" program when handling\nenvironment variables. \n\nSuccessful exploitation requires that the attacker is a member of the\n\"sdba\" group. \n\nPROVIDED AND/OR DISCOVERED BY:\nAn anonymous researcher, reported via iDefense. \n\nORIGINAL ADVISORY:\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=669\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. iDefense Security Advisory 03.10.08\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nMar 10, 2008\n\nI. BACKGROUND\n\nSAP\u0027s MaxDB is a database software product. MaxDB was released as open\nsource from version 7.5 up to version 7.6.00. Later versions are no\nlonger open source but are available for download from the SAP SDN\nwebsite (sdn.sap.com) as a community edition with free community\nsupport for public use beyond the scope of SAP applications. The\n\"vserver\" program is responsible for accepting and handling\ncommunication with remote database clients. For more information, visit\nthe product\u0027s website at the following URL. \n\nhttps://www.sdn.sap.com/irj/sdn/maxdb\n\nII. \n\nAfter accepting a connection, the \"vserver\" process forks and reads\nparameters from the client into various structures. When doing so, it\ntrusts values sent from the client to be valid. By sending a specially\ncrafted request, an attacker can cause heap corruption. This leads to a\npotentially exploitable memory corruption condition. \n\nIII. In order to exploit this vulnerability, an\nattacker must be able to establish a TCP session on port 7210 with the\ntarget host. Additionally, the attacker must know the name of an active\ndatabase on the server. \n\nSince this service uses the fork() system call once a connection has\nbeen accepted, an attacker can repeatedly attempt to exploit this\nvulnerability. Some exploitation attempts may result in the database\nprocess ceasing to run, in which case further exploitation attempts\nwill not be possible. \n\nIV. DETECTION\n\niDefense has confirmed the existence of this vulnerability in SAP AG\u0027s\nMaxDB version 7.6.0.37 on Linux. \n\nV. WORKAROUND\n\nEmploying firewalls to limit access to the affected service will\nmitigate exposure to this vulnerability. \n\nVI. VENDOR RESPONSE\n\nSAP AG has addressed this vulnerability by releasing a new version of\nMaxDB. For more information, consult SAP note 1140135. \n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2008-0307 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n12/06/2007 Initial vendor notification\n12/10/2007 Initial vendor response\n03/10/2008 Coordinated public disclosure\n\nIX. CREDIT\n\nThe discoverer of this vulnerability wishes to remain anonymous. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2008 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0307"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-005381"
},
{
"db": "BID",
"id": "28183"
},
{
"db": "PACKETSTORM",
"id": "64375"
},
{
"db": "PACKETSTORM",
"id": "64480"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-0307",
"trust": 2.8
},
{
"db": "BID",
"id": "28183",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "29312",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-0844",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1019571",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2008-005381",
"trust": 0.8
},
{
"db": "IDEFENSE",
"id": "20080310 SAP MAXDB SIGNEDNESS ERROR HEAP CORRUPTION VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "41107",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200803-177",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "64375",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64480",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "28183"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-005381"
},
{
"db": "PACKETSTORM",
"id": "64375"
},
{
"db": "PACKETSTORM",
"id": "64480"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-177"
},
{
"db": "NVD",
"id": "CVE-2008-0307"
}
]
},
"id": "VAR-200803-0282",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1359447
},
"last_update_date": "2024-11-23T22:28:09.919000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://maxdb.sap.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-005381"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-189",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-005381"
},
{
"db": "NVD",
"id": "CVE-2008-0307"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=669"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id?1019571"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/28183"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/29312"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2008/0844/references"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41107"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0307"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0307"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/41107"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/0844/references"
},
{
"trust": 0.4,
"url": "https://www.sdn.sap.com/irj/sdn/maxdb"
},
{
"trust": 0.3,
"url": "/archive/1/489357"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4012/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/29312/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/),"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/methodology/vulnerability/vcp.php"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0307"
}
],
"sources": [
{
"db": "BID",
"id": "28183"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-005381"
},
{
"db": "PACKETSTORM",
"id": "64375"
},
{
"db": "PACKETSTORM",
"id": "64480"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-177"
},
{
"db": "NVD",
"id": "CVE-2008-0307"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "28183"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-005381"
},
{
"db": "PACKETSTORM",
"id": "64375"
},
{
"db": "PACKETSTORM",
"id": "64480"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-177"
},
{
"db": "NVD",
"id": "CVE-2008-0307"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-10T00:00:00",
"db": "BID",
"id": "28183"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-005381"
},
{
"date": "2008-03-12T17:55:23",
"db": "PACKETSTORM",
"id": "64375"
},
{
"date": "2008-03-13T00:29:44",
"db": "PACKETSTORM",
"id": "64480"
},
{
"date": "2008-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-177"
},
{
"date": "2008-03-11T23:44:00",
"db": "NVD",
"id": "CVE-2008-0307"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-12T17:21:00",
"db": "BID",
"id": "28183"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-005381"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-177"
},
{
"date": "2024-11-21T00:41:38.243000",
"db": "NVD",
"id": "CVE-2008-0307"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "64480"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-177"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP MaxDB of vserver Integer sign error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-005381"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-177"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.