ID CVE-2007-6426
Type cve
Reporter NVD
Modified 2018-10-15T17:53:14
Description
Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and possibly earlier versions, allow remote attackers to execute arbitrary code via crafted compressed data.
{"id": "CVE-2007-6426", "bulletinFamily": "NVD", "title": "CVE-2007-6426", "description": "Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and possibly earlier versions, allow remote attackers to execute arbitrary code via crafted compressed data.", "published": "2008-02-20T19:44:00", "modified": "2018-10-15T17:53:14", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6426", "reporter": "NVD", "references": ["http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=664", "http://www.securityfocus.com/bid/27915", "http://www.securitytracker.com/id?1019457", "http://www.vupen.com/english/advisories/2008/0625", "http://www.securityfocus.com/archive/1/488419/100/0/threaded"], "cvelist": ["CVE-2007-6426"], "type": "cve", "lastseen": "2018-10-16T10:51:39", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:emc:replistor:6.2_sp2"], "cvelist": ["CVE-2007-6426"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}, "description": "Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and possibly earlier versions, allow remote attackers to execute arbitrary code via crafted compressed data.", "edition": 1, "enchantments": {"score": {"modified": "2016-09-03T09:52:25", "value": 7.5, "vector": "NONE"}}, "hash": "48c6494e394446d965c77346fa17b8fdf4937c0b2804d0a5057f84ae4005164c", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "bafb98caa6c9fce13b6f0d33c4473659", "key": "cvelist"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "8e7ac373a0d12b1a940d64f6855bf6e9", "key": "references"}, {"hash": "99eaaaf9134ee9a0cf7231ff720d4b1c", "key": "cvss"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "9761fc603e710a96b92544cc2bf750d3", "key": "description"}, {"hash": "717c52a326c585734a4acaeda316f21c", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "bdcfa39c5286065b9b257267ed723970", "key": "title"}, {"hash": "a78ec2b47d422efdaa7aee5f898f5a7e", "key": "published"}, {"hash": "abddb182004babf1486deddb5eb93940", "key": "cpe"}, {"hash": "12e604eaa09778d3c8ba097057ab6017", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6426", "id": "CVE-2007-6426", "lastseen": "2016-09-03T09:52:25", "modified": "2011-03-07T22:02:42", "objectVersion": "1.2", "published": "2008-02-20T19:44:00", "references": ["http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=664", "http://www.securityfocus.com/archive/1/archive/1/488419/100/0/threaded", "http://www.securityfocus.com/bid/27915", "http://www.securitytracker.com/id?1019457", "http://www.vupen.com/english/advisories/2008/0625"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-6426", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T09:52:25"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "abddb182004babf1486deddb5eb93940"}, {"key": "cvelist", "hash": "bafb98caa6c9fce13b6f0d33c4473659"}, {"key": "cvss", "hash": "99eaaaf9134ee9a0cf7231ff720d4b1c"}, {"key": "description", "hash": "9761fc603e710a96b92544cc2bf750d3"}, {"key": "href", "hash": "717c52a326c585734a4acaeda316f21c"}, {"key": "modified", "hash": "ab748a81607fe632737390d05a46e274"}, {"key": "published", "hash": "a78ec2b47d422efdaa7aee5f898f5a7e"}, {"key": "references", "hash": "797ca824e626cc4df99e2f3c51e6fe80"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "bdcfa39c5286065b9b257267ed723970"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "88411eeb3a4f9628ec8e5022f46166d316a39582acea4b03c7c4dfdc973ac6c2", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2018-10-16T10:51:39"}, "dependencies": {"references": [{"type": "nessus", "idList": ["EMC_REPLISTOR_MULTIPLE.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8712"]}], "modified": "2018-10-16T10:51:39"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:emc:replistor:6.2_sp2"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"nessus": [{"lastseen": "2019-01-16T20:08:52", "bulletinFamily": "scanner", "description": "According to its version, the installation of EMC RepliStor Server on\nthe remote host is affected by multiple heap overvlow vulnerabilities. \nBy sending a specially crafted request, an unauthorized attacker could\nexecute arbitrary code with SYSTEM level privileges.", "modified": "2018-07-10T00:00:00", "published": "2009-01-27T00:00:00", "id": "EMC_REPLISTOR_MULTIPLE.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=35467", "title": "EMC RepliStor Multiple Remote Heap Based Buffer Overflows", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3207) exit(0);\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35467);\n script_version(\"1.9\");\n\n script_cve_id(\"CVE-2007-6426\");\n script_bugtraq_id(27915);\n\n script_name(english:\"EMC RepliStor Multiple Remote Heap Based Buffer Overflows\");\n script_summary(english:\"Checks version of EMC RepliStor\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote software is affected by multiple vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of EMC RepliStor Server on\nthe remote host is affected by multiple heap overvlow vulnerabilities. \nBy sending a specially crafted request, an unauthorized attacker could\nexecute arbitrary code with SYSTEM level privileges.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dade10b4\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to RepliStor 6.1 SP5 / 6.2 SP4 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2009/01/27\");\n script_cvs_date(\"Date: 2018/07/10 14:27:33\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gain a shell remotely\");\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"emc_replistor.nbin\");\n script_require_keys(\"EMC/RepliStor/Version\");\n script_require_ports(7144);\n\n exit(0);\n}\n\nver = get_kb_item(\"EMC/RepliStor/Version\");\nif (!ver) exit(0);\n\nport = 7144;\n\n# Exit on version 6.1 SP5 / 6.2 SP4\n# Version 6.1 SP2 (Build 450b)\n\nmatches = eregmatch(string:ver, pattern:\"^Version ([0-9]+)\\.([0-9]+) (SP([0-9])+ )?\\(Build ([0-9a-z]+)\\)$\");\nif (!isnull(matches))\n{\n ver_major = int(matches[1]);\n ver_minor = int(matches[2]);\n sp = int(matches[4]);\n build = matches[5];\n\n if (\n (ver_major < 6) ||\n (ver_major == 6 && ver_minor == 1 && sp < 5) ||\n (ver_major == 6 && ver_minor == 2 && sp < 4) \n )\n security_hole(port);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:28", "bulletinFamily": "software", "description": "Multiple security vulnerabilities on TCP/7144 and TCP/7145 traffic parsing.", "modified": "2008-02-22T00:00:00", "published": "2008-02-22T00:00:00", "id": "SECURITYVULNS:VULN:8712", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8712", "title": "EMC Replistor multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}}]}
