CVE-2007-2054

Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt	Patch Vendor Advisory
http://securityreason.com/securityalert/2657
https://exchange.xforce.ibmcloud.com/vulnerabilities/33969
http://www.securityfocus.com/archive/1/467040/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:afflib:afflib:*:*:*:*:*:*:*:*

Information

Published : 2007-04-30 15:19

Updated : 2018-10-16 09:41

NVD link : CVE-2007-2054

Mitre link : CVE-2007-2054

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

afflib

afflib

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt", "name": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt", "tags": ["Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://securityreason.com/securityalert/2657", "name": "2657", "tags": [], "refsource": "SREASON"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33969", "name": "afflib-multiple-format-string(33969)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/467040/100/0/threaded", "name": "20070427 AFFLIB(TM): Multiple Format String Injections", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-2054", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-04-30T22:19Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:afflib:afflib:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.2.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-16T16:41Z"}