CVE-2007-0460

Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations."

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/32939
http://secunia.com/advisories/23863	Vendor Advisory
http://secunia.com/advisories/24524	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200703-17.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:028
http://www.novell.com/linux/security/advisories/2007_01_sr.html	Vendor Advisory
http://www.securityfocus.com/bid/22139

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:suse:suse_linux::::::::
	cpe:2.3:o:suse:suse_linux:9.3:::::::*

History

No history.

Information

Published : 2007-01-24 01:28

Updated : 2023-12-10 10:40

NVD link : CVE-2007-0460

Mitre link : CVE-2007-0460

CVE.ORG link : CVE-2007-0460

JSON object : View

Products Affected

suse

suse_linux

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2007-0460", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-01-24T01:28:00.000", "references": [{"url": "http://osvdb.org/32939", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23863", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24524", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200703-17.xml", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:028", "source": "cve@mitre.org"}, {"url": "http://www.novell.com/linux/security/advisories/2007_01_sr.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22139", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to \"improper string length calculations.\""}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en ulogd para SUSE Linux versiones 9.3 hasta 10.1, y posiblemente otras distribuciones, presenta un impacto desconocido y vectores de ataque relacionados con \"improper string length calculations.\""}], "lastModified": "2010-09-15T05:41:23.013", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:suse:suse_linux:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09A28F9C-E260-45CA-8D40-7F1BA9AAE966", "versionEndIncluding": "10.1"}, {"criteria": "cpe:2.3:o:suse:suse_linux:9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7D073E9-E535-4B36-BEF2-8499536E37DA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}