CVE-2007-5242

Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an "oversize" packet, which is not properly discarded if "the device has no remaining buffers after receipt of the first buffer segment."

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://mail.openvms.org:8100/Lists/alerts/Message/582.html	Patch
http://mail.openvms.org:8100/Lists/alerts/Message/583.html	Patch
http://www.securityfocus.com/bid/25939	Patch
http://secunia.com/advisories/27084	Patch Vendor Advisory
http://osvdb.org/37813
http://osvdb.org/37812
http://www.vupen.com/english/advisories/2007/3382

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:hp:openvms:::alpha:::::*
	cpe:2.3:o:hp:openvms:::integrity:::::*

Information

Published : 2007-10-06 09:17

Updated : 2011-03-07 19:00

NVD link : CVE-2007-5242

Mitre link : CVE-2007-5242

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

hp

openvms

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://mail.openvms.org:8100/Lists/alerts/Message/582.html", "name": "[openvms-alerts] 20071003 VMS83A_LAN-V0200, ECO Kit Release", "tags": ["Patch"], "refsource": "MLIST"}, {"url": "http://mail.openvms.org:8100/Lists/alerts/Message/583.html", "name": "[openvms-alerts] 20071003 VMS83I_LAN-V0600, ECO Kit Release", "tags": ["Patch"], "refsource": "MLIST"}, {"url": "http://www.securityfocus.com/bid/25939", "name": "25939", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/27084", "name": "27084", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/37813", "name": "37813", "tags": [], "refsource": "OSVDB"}, {"url": "http://osvdb.org/37812", "name": "37812", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/3382", "name": "ADV-2007-3382", "tags": [], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an \"oversize\" packet, which is not properly discarded if \"the device has no remaining buffers after receipt of the first buffer segment.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-5242", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-10-06T16:17Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:hp:openvms:*:*:alpha:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "8.3"}, {"cpe23Uri": "cpe:2.3:o:hp:openvms:*:*:integrity:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "8.3"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-03-08T03:00Z"}