Lucene search

[email protected]CVE-2007-4004

HistoryJul 26, 2007 - 10:30 p.m.

CVE-2007-4004

2007-07-2622:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2007-4004

buffer overflow

ibm aix

ftp client

local exploit

arbitrary code execution

privilege boundary

7.5 High

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

8.7%

JSON

Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. NOTE: the client is setuid root on AIX, so this issue crosses privilege boundaries.

CPENameOperatorVersion
ibm:aixibm aixeq5.2.0
ibm:aixibm aixeq5.3

CPE	Name	Operator	Version
ibm:aix	ibm aix	eq	5.2.0
ibm:aix	ibm aix	eq	5.3

References

ftp://aix.software.ibm.com/aix/efixes/security/README

labs.idefense.com/intelligence/vulnerabilities/display.php?id=571

secunia.com/advisories/26219

www-1.ibm.com/support/docview.wss?uid=isg1IZ01812

www-1.ibm.com/support/docview.wss?uid=isg1IZ01813

www.securityfocus.com/bid/25077

www.securitytracker.com/id?1018465

www.vupen.com/english/advisories/2007/2675

exchange.xforce.ibmcloud.com/vulnerabilities/35627

7.5 High

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

8.7%

JSON

Related for CVE-2007-4004

exploitdb1 seebug1 securityvulns2 prion1 nessus2