CVE-2008-1673

Priority
Description
The ASN.1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6
before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules, and (b)
the gxsnmp package does not properly validate length values during
decoding of ASN.1 BER data, which allows remote attackers to cause a denial
of service (crash) or execute arbitrary code via (1) a length greater than
the working buffer, which can lead to an unspecified overflow; (2) an OID
length of zero, which can lead to an off-by-one error; or (3) an indefinite
length for a primitive encoding.
Ubuntu-Description
Wei Wang discovered that the ASN.1 decoding routines in CIFS and SNMP
NAT did not correctly handle certain length values. Remote attackers
could exploit this to execute arbitrary code or crash the system.
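The three length checks named in the description, as an added example of a BER header parser that rejects each case before any content octet is read. This is not the kernel's or gxsnmp's code, nor the upstream fix. All function and enum names are hypothetical, and only the low-tag-number identifier form is handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All names here are hypothetical, chosen for this example. */
enum ber_err { BER_OK, BER_TRUNCATED, BER_UNSUPPORTED, BER_LENGTH_TOO_LARGE,
               BER_EMPTY_OID, BER_INDEFINITE_PRIMITIVE };

/* Parse one identifier + length header from buf[0..size). On BER_OK, *hdr is
 * the header size, *len the content length, and *hdr + *len <= size holds. */
enum ber_err ber_header(const uint8_t *buf, size_t size, size_t *hdr, size_t *len)
{
    size_t pos = 2, n = 0, cnt;
    if (size < 2)
        return BER_TRUNCATED;
    if ((buf[0] & 0x1f) == 0x1f)
        return BER_UNSUPPORTED;            /* high-tag-number form */
    if (buf[1] == 0x80)                    /* indefinite length */
        return (buf[0] & 0x20) ? BER_UNSUPPORTED /* constructed: not walked here */
                               : BER_INDEFINITE_PRIMITIVE; /* case (3) */
    if (buf[1] & 0x80) {                   /* long form: cnt length octets follow */
        cnt = buf[1] & 0x7f;
        if (cnt > sizeof(size_t))
            return BER_LENGTH_TOO_LARGE;   /* value would not fit in size_t */
        if (cnt > size - pos)
            return BER_TRUNCATED;
        while (cnt--)
            n = (n << 8) | buf[pos++];
    } else {
        n = buf[1];                        /* short form */
    }
    if (n > size - pos)
        return BER_LENGTH_TOO_LARGE;       /* case (1): exceeds remaining buffer */
    if (buf[0] == 0x06 && n == 0)
        return BER_EMPTY_OID;              /* case (2): zero-length OID */
    *hdr = pos;
    *len = n;
    return BER_OK;
}

int main(void)
{
    /* Constructed inputs, one per case in the description. */
    static const uint8_t c1[] = {0x04, 0x82, 0x01, 0x00, 0x41};
    static const uint8_t c2[] = {0x06, 0x00};
    static const uint8_t c3[] = {0x04, 0x80, 0x41, 0x00, 0x00};
    size_t h, l;
    printf("%d %d %d\n", ber_header(c1, sizeof c1, &h, &l),
           ber_header(c2, sizeof c2, &h, &l), ber_header(c3, sizeof c3, &h, &l));
    return 0;
}
```

Every comparison against the buffer is written as `n > size - pos` rather than `pos + n > size`, so an attacker-chosen length cannot wrap the addition.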
Assigned-to
kees
Notes
Package
Upstream:needs-triage
More Information

Updated: 2019-12-05 20:48:45 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)