Lucene search

[email protected]CVE-2007-1677

HistoryMar 30, 2007 - 12:19 a.m.

CVE-2007-1677

2007-03-3000:19:00

[email protected]

web.nvd.nist.gov

cve-2007-1677

buffer overflows

netbsd kernel

code execution

iso network protocol

nvd

6.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Multiple buffer overflows in the ISO network protocol support in the NetBSD kernel 2.0 through 4.0_BETA2, and NetBSD-current before 20070329, allow local users to execute arbitrary code via long parameters to certain functions, as demonstrated by a long sockaddr structure argument to the clnp_route function.

Affected configurations

NVD

Node

navision_softwarenavision_financials_serverMatch3.0

netbsdnetbsdMatch2.0

netbsdnetbsdMatch2.0.1

netbsdnetbsdMatch2.0.2

netbsdnetbsdMatch2.0.3

netbsdnetbsdMatch3.0.1

netbsdnetbsdMatch3.0.2

netbsdnetbsdMatch3.1

netbsdnetbsdMatch3.1rc1

netbsdnetbsdMatch3.1rc3

netbsdnetbsdMatch4.0

netbsdnetbsdMatch4.0beta

netbsdnetbsdMatch4.0beta2

CPENameOperatorVersion
navision_software:navision_financials_servernavision software navision financials servereq3.0
netbsd:netbsdnetbsdeq2.0
netbsd:netbsdnetbsdeq2.0.1
netbsd:netbsdnetbsdeq2.0.2
netbsd:netbsdnetbsdeq2.0.3
netbsd:netbsdnetbsdeq3.0.1
netbsd:netbsdnetbsdeq3.0.2
netbsd:netbsdnetbsdeq3.1
netbsd:netbsdnetbsdeq4.0

CPE	Name	Operator	Version
navision_software:navision_financials_server	navision software navision financials server	eq	3.0
netbsd:netbsd	netbsd	eq	2.0
netbsd:netbsd	netbsd	eq	2.0.1
netbsd:netbsd	netbsd	eq	2.0.2
netbsd:netbsd	netbsd	eq	2.0.3
netbsd:netbsd	netbsd	eq	3.0.1
netbsd:netbsd	netbsd	eq	3.0.2
netbsd:netbsd	netbsd	eq	3.1
netbsd:netbsd	netbsd	eq	4.0

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-004.txt.asc

osvdb.org/43596

www.securityfocus.com/bid/23193

www.securitytracker.com/id?1017832

www.vupen.com/english/advisories/2007/1159

exchange.xforce.ibmcloud.com/vulnerabilities/33381

6.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2007-1677

cvelist1 prion1 nvd1 securityvulns1