CVE-2008-1303

Name of the Vulnerable Software and Affected Versions Perforce Server versions 2007.3/143793 and earlier

Description The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, by sending a request with a missing parameter to certain commands. These commands include dm-FaultFile, dm-LazyCheck, dm-ResolvedFile, dm-OpenFile, and crypto, which triggers a NULL pointer dereference.

Recommendations For Perforce Server versions 2007.3/143793 and earlier, consider restricting access to the commands dm-FaultFile, dm-LazyCheck, dm-ResolvedFile, dm-OpenFile, and crypto to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.