CVE-2007-0460

Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations."

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.novell.com/linux/security/advisories/2007_01_sr.html	Vendor Advisory
http://secunia.com/advisories/23863	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200703-17.xml
http://www.securityfocus.com/bid/22139
http://secunia.com/advisories/24524	Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:028
http://osvdb.org/32939

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:suse:suse_linux:9.3:::::::*
	cpe:2.3:o:suse:suse_linux::::::::

Information

Published : 2007-01-23 17:28

Updated : 2010-09-14 22:41

NVD link : CVE-2007-0460

Mitre link : CVE-2007-0460

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

Products Affected

suse

suse_linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.novell.com/linux/security/advisories/2007_01_sr.html", "name": "SUSE-SR:2007:001", "tags": ["Vendor Advisory"], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/23863", "name": "23863", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://security.gentoo.org/glsa/glsa-200703-17.xml", "name": "GLSA-200703-17", "tags": [], "refsource": "GENTOO"}, {"url": "http://www.securityfocus.com/bid/22139", "name": "22139", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/24524", "name": "24524", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:028", "name": "MDKSA-2007:028", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://osvdb.org/32939", "name": "32939", "tags": [], "refsource": "OSVDB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to \"improper string length calculations.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-0460", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": true, "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-01-24T01:28Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:suse_linux:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "10.1"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2010-09-15T05:41Z"}