Lucene search

SAINT CorporationSAINT:A0D6E2C0F955582EE15C3F5F4B1420BC

HistoryMay 15, 2008 - 12:00 a.m.

Motorola Timbuktu login request buffer overflow

2008-05-1500:00:00

SAINT Corporation

download.saintcorporation.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.238 Low

EPSS

Percentile

96.6%

JSON

Added: 05/15/2008
CVE: CVE-2007-4221
BID: 25454
OSVDB: 40124

Background

Motorola Timbuktu is remote control software for Windows and Mac. It runs a service which listens for connections on port 407/TCP or 407/UDP.

Problem

A buffer overflow vulnerability when processing login requests allows remote attackers to execute arbitrary commands by sending a long, specially crafted user name to the Timbuktu service.

Resolution

Upgrade to Timbuktu Pro version 8.6.5.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=590>

Limitations

Exploit works on Motorola Timbuktu Pro 8.6.3.

Platforms

Windows

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.238 Low

EPSS

Percentile

96.6%

JSON

Related for SAINT:A0D6E2C0F955582EE15C3F5F4B1420BC