CVE-2007-1654

Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7ssh_sftp.cpp in NetSieben SSH Library (ne7ssh) before 1.2.1 allows user-assisted remote SFTP servers to cause a denial of service (crash) or possibly execute arbitrary code via multiple file transfers, related to multiple open file handles in SFTP (1) put and (2) get operations.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://netsieben.com/files/CHANGELOG
http://osvdb.org/43555
https://exchange.xforce.ibmcloud.com/vulnerabilities/33504

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:netsieben:netsieben_ssh_library:1.1.6:::::::*
	cpe:2.3:a:netsieben:netsieben_ssh_library:1.2.0:::::::*
	cpe:2.3:a:netsieben:netsieben_ssh_library:1.1:::::::*
	cpe:2.3:a:netsieben:netsieben_ssh_library:1.1.5:::::::*
	cpe:2.3:a:netsieben:netsieben_ssh_library:1.03:::::::*

Information

Published : 2007-03-23 17:19

Updated : 2017-07-28 18:30

NVD link : CVE-2007-1654

Mitre link : CVE-2007-1654

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

netsieben

netsieben_ssh_library

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://netsieben.com/files/CHANGELOG", "name": "http://netsieben.com/files/CHANGELOG", "tags": [], "refsource": "CONFIRM"}, {"url": "http://osvdb.org/43555", "name": "43555", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33504", "name": "ne7ssh-addopenhandle-bo(33504)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7ssh_sftp.cpp in NetSieben SSH Library (ne7ssh) before 1.2.1 allows user-assisted remote SFTP servers to cause a denial of service (crash) or possibly execute arbitrary code via multiple file transfers, related to multiple open file handles in SFTP (1) put and (2) get operations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-1654", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2007-03-24T00:19Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:netsieben:netsieben_ssh_library:1.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netsieben:netsieben_ssh_library:1.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netsieben:netsieben_ssh_library:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netsieben:netsieben_ssh_library:1.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netsieben:netsieben_ssh_library:1.03:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:30Z"}