{"href": "https://vulners.com/osvdb/OSVDB:33408", "id": "OSVDB:33408", "reporter": "OSVDB", "published": "2007-01-07T23:39:33", "description": "# No description provided by the source\n\n## References:\nVendor Specific Solution URL: http://www.gentoo.org/security/en/glsa/glsa-200701-20.xml\nSecurity Tracker: 1017545\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0194.html\nISS X-Force ID: 31330\nFrSIRT Advisory: ADV-2007-0306\n[CVE-2007-0160](https://vulners.com/cve/CVE-2007-0160)\nBugtraq ID: 21932\n", "title": "CenterICQ LiveJournal Support hooks/ljhook.cc Overflow", "lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "references": [], "edition": 1, "cvelist": ["CVE-2007-0160"], "affectedSoftware": [], "viewCount": 0, "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2017-04-28T13:20:29", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-0160"]}, {"type": "gentoo", "idList": ["GLSA-200701-20"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200701-20.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7014"]}, {"type": "openvas", "idList": ["OPENVAS:57980"]}], "modified": "2017-04-28T13:20:29", "rev": 2}, "vulnersScore": 7.0}, "modified": "2007-01-07T23:39:33"}

{"cve": [{"lastseen": "2020-10-03T11:45:48", "description": "Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings.\nFailed exploitation attempts will likely result in a denial-of-service condition.", "edition": 3, "cvss3": {}, "published": "2007-01-10T00:28:00", "title": "CVE-2007-0160", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0160"], "modified": "2018-10-16T16:31:00", "cpe": ["cpe:/a:centericq:centericq:4.9.11", "cpe:/a:centericq:centericq:4.9.12", "cpe:/a:centericq:centericq:4.12", "cpe:/a:centericq:centericq:4.14", "cpe:/a:centericq:centericq:4.21", "cpe:/a:centericq:centericq:4.20", "cpe:/a:centericq:centericq:4.13"], "id": "CVE-2007-0160", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0160", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:centericq:centericq:4.21:*:*:*:*:*:*:*", "cpe:2.3:a:centericq:centericq:4.12:*:*:*:*:*:*:*", "cpe:2.3:a:centericq:centericq:4.9.12:*:*:*:*:*:*:*", "cpe:2.3:a:centericq:centericq:4.14:*:*:*:*:*:*:*", "cpe:2.3:a:centericq:centericq:4.20:*:*:*:*:*:*:*", "cpe:2.3:a:centericq:centericq:4.13:*:*:*:*:*:*:*", "cpe:2.3:a:centericq:centericq:4.9.11:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:46:55", "bulletinFamily": "unix", "cvelist": ["CVE-2007-0160"], "description": "### Background\n\nCentericq is a text mode menu-driven and window-driven instant messaging interface. \n\n### Description\n\nWhen interfacing with the LiveJournal service, Centericq does not appropriately allocate memory for incoming data, in some cases creating a buffer overflow. \n\n### Impact\n\nAn attacker could entice a user to connect to an unofficial LiveJournal server causing Centericq to read specially crafted data from the server, which could lead to the execution of arbitrary code with the rights of the user running Centericq. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nCurrently, Centericq is unmaintained. As such, Centericq has been masked in Portage until it is again maintained. \n \n \n # emerge --ask --verbose --unmerge \"net-im/centericq\"", "edition": 1, "modified": "2007-01-24T00:00:00", "published": "2007-01-24T00:00:00", "id": "GLSA-200701-20", "href": "https://security.gentoo.org/glsa/200701-20", "type": "gentoo", "title": "Centericq: Remote buffer overflow in LiveJournal handling", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0160"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200701-20.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:57980", "href": "http://plugins.openvas.org/nasl.php?oid=57980", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200701-20 (centericq)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Centericq does not properly handle communications with the LiveJournal\nservice, allowing for the remote execution of arbitrary code.\";\ntag_solution = \"Currently, Centericq is unmaintained. As such, Centericq has been masked in\nPortage until it is again maintained.\n\n # emerge --ask --verbose --unmerge 'net-im/centericq'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200701-20\nhttp://bugs.gentoo.org/show_bug.cgi?id=160793\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200701-20.\";\n\n \n\nif(description)\n{\n script_id(57980);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-0160\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200701-20 (centericq)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-im/centericq\", unaffected: make_list(), vulnerable: make_list(\"le 4.21.0-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:22", "bulletinFamily": "software", "cvelist": ["CVE-2007-0160"], "description": "Buffer overflow in LiveJournal support module.", "edition": 1, "modified": "2007-01-08T00:00:00", "published": "2007-01-08T00:00:00", "id": "SECURITYVULNS:VULN:7014", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7014", "title": "CenterICQ buffer overflow", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-07T10:52:10", "description": "The remote host is affected by the vulnerability described in GLSA-200701-20\n(Centericq: Remote buffer overflow in LiveJournal handling)\n\n When interfacing with the LiveJournal service, Centericq does not\n appropriately allocate memory for incoming data, in some cases creating\n a buffer overflow.\n \nImpact :\n\n An attacker could entice a user to connect to an unofficial LiveJournal\n server causing Centericq to read specially crafted data from the\n server, which could lead to the execution of arbitrary code with the\n rights of the user running Centericq.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2007-01-26T00:00:00", "title": "GLSA-200701-20 : Centericq: Remote buffer overflow in LiveJournal handling", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0160"], "modified": "2007-01-26T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:centericq"], "id": "GENTOO_GLSA-200701-20.NASL", "href": "https://www.tenable.com/plugins/nessus/24256", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200701-20.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24256);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-0160\");\n script_xref(name:\"GLSA\", value:\"200701-20\");\n\n script_name(english:\"GLSA-200701-20 : Centericq: Remote buffer overflow in LiveJournal handling\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200701-20\n(Centericq: Remote buffer overflow in LiveJournal handling)\n\n When interfacing with the LiveJournal service, Centericq does not\n appropriately allocate memory for incoming data, in some cases creating\n a buffer overflow.\n \nImpact :\n\n An attacker could entice a user to connect to an unofficial LiveJournal\n server causing Centericq to read specially crafted data from the\n server, which could lead to the execution of arbitrary code with the\n rights of the user running Centericq.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200701-20\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Currently, Centericq is unmaintained. As such, Centericq has been\n masked in Portage until it is again maintained.\n # emerge --ask --verbose --unmerge 'net-im/centericq'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:centericq\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/26\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/01/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-im/centericq\", unaffected:make_list(), vulnerable:make_list(\"le 4.21.0-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Centericq\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}