CVE-2008-1118

critical

Description

Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields.

References

https://www.exploit-db.com/exploits/5238

https://exchange.xforce.ibmcloud.com/vulnerabilities/41330

http://www.securityfocus.com/archive/1/489414/100/0/threaded

http://www.coresecurity.com/?action=item&id=2166

http://securityreason.com/securityalert/3742

http://secunia.com/advisories/29316

Details

Source: Mitre, NVD

Published: 2008-03-14

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.07085