CVE-2007-4027 - Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow local users to gain privilege

CVE-2007-4027

Summary

Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow local users to gain privileges via a long argument. NOTE: this program is not setuid by default, but there are some usage scenarios in which an administrator might make it setuid.

References

http://osvdb.org/38999
http://securityreason.com/securityalert/2928
http://www.devtarget.org/areca-advisory-07-2007.txt
http://www.securityfocus.com/archive/1/474415/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/35546

Vulnerable Configurations

cpe:2.3:a:areca:cli:*:*:*:*:*:*:*:*
cpe:2.3:a:areca:cli:*:*:*:*:*:*:*:*

CVSS

Base:	6.6 (as of 15-10-2018 - 21:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:M/Au:S/C:C/I:C/A:C

refmap via4

bugtraq	20070722 Buffer overflow in Areca CLI, version <= 1.72.250
misc	http://www.devtarget.org/areca-advisory-07-2007.txt
osvdb	38999
sreason	2928
xf	arecacli-cli32-bo(35546)

Last major update

15-10-2018 - 21:32

Published

26-07-2007 - 19:30

Last modified

15-10-2018 - 21:32