Lucene search

[email protected]CVE-2007-5256

HistoryOct 06, 2007 - 5:17 p.m.

CVE-2007-5256

2007-10-0617:17:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2007-5256

stack-based buffer overflows

fsd

remote code execution

tcp

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.23 Low

EPSS

Percentile

96.6%

JSON

Multiple stack-based buffer overflows in FSD 2.052 d9 and earlier, and FSFDT FSD 3.000 d9 and earlier, allow (1) remote attackers to execute arbitrary code via a long HELP command on TCP port 3010 to the sysuser::exechelp function in sysuser.cc and (2) remote authenticated users to execute arbitrary code via long commands on TCP port 6809 to the servinterface::sendmulticast function in servinterface.cc, as demonstrated by a PIcallsign command.

Affected configurations

NVD

Node

mcdufsdMatch2.052_d9

mcdufsdMatch3.000_d9

CPENameOperatorVersion
mcdu:fsdmcdu fsdeq2.052_d9
mcdu:fsdmcdu fsdeq3.000_d9

CPE	Name	Operator	Version
mcdu:fsd	mcdu fsd	eq	2.052_d9
mcdu:fsd	mcdu fsd	eq	3.000_d9

References

aluigi.altervista.org/adv/fsdbof-adv.txt

secunia.com/advisories/27008

secunia.com/advisories/27045

securityreason.com/securityalert/3195

www.securityfocus.com/archive/1/481221/100/0/threaded

www.securityfocus.com/archive/1/481495/100/0/threaded

www.securityfocus.com/bid/25883

www.vupen.com/english/advisories/2007/3334

www.exploit-db.com/exploits/4484

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.23 Low

EPSS

Percentile

96.6%

JSON

Related for CVE-2007-5256

prion1 cvelist1 nvd1