PT-2008-2928 · Motum · Timbuktu Pro

Published

2008-03-14

Updated

2018-10-11

CVE-2008-1337

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Timbuktu Pro versions 8.6.5 RC 229 and earlier

Description The issue affects the instant message service, allowing remote attackers to cause a denial of service. This can happen in two ways: (1) by sending an invalid Version field, which can cause the daemon to crash, or (2) by sending an invalid or partial message, leading to CPU consumption and eventual daemon termination.

Recommendations For Timbuktu Pro versions 8.6.5 RC 229 and earlier, consider disabling the instant message service until a fix is available to prevent potential denial of service attacks.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2008-1337

Affected Products

Timbuktu Pro

PT-2008-2928 · Motum · Timbuktu Pro

CVE-2008-1337

Weakness Enumeration

Related Identifiers

Affected Products

References · 7