CVE-2007-2053 - Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denia

CVE-2007-2053

Summary

Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB. The vendor has addressed this issue through a product update: http://www.afflib.org/downloads/

References

Vulnerable Configurations

cpe:2.3:a:afflib:afflib:*:*:*:*:*:*:*:*
cpe:2.3:a:afflib:afflib:*:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 16-10-2018 - 16:41)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	23695
bugtraq	20070427 AFFLIB(TM): Multiple Buffer Overflows
misc	http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt
osvdb	35613 35614 35615
sreason	2655
xf	afflib-multiple-bo(33961)

Last major update

16-10-2018 - 16:41

Published

30-04-2007 - 22:19

Last modified

16-10-2018 - 16:41