Lucene search

[email protected]CVE-2007-5761

HistoryJan 09, 2008 - 12:46 a.m.

CVE-2007-5761

2008-01-0900:46:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2007-5761

nantsys

motorola

netoctopus

weak permissions

denial of service

local users

privilege escalation

system crash

msr

nvd

6.8 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 has weak permissions for the \.\NantSys device interface (nantsys.sys), which allows local users to gain privileges or cause a denial of service (system crash), as demonstrated by modifying the SYSENTER_EIP_MSR CPU Model Specific Register (MSR) value.

CPENameOperatorVersion
motorola:netoctopusmotorola netoctopuseq5.1.2_build_1011

CPE	Name	Operator	Version
motorola:netoctopus	motorola netoctopus	eq	5.1.2_build_1011

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=636

secunia.com/advisories/28366

securitytracker.com/id?1019161

www.netopia.com/support/software/technotes/netoctopus/Removing_the_nantsys_Driver.pdf

www.securityfocus.com/bid/27175

www.vupen.com/english/advisories/2008/0062

exchange.xforce.ibmcloud.com/vulnerabilities/39503

6.8 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2007-5761

nessus1 prion1 securityvulns2 seebug1