CVE-2007-0160 - OpenCVE

Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Centericq	Centericq

Configuration 1 [-]

OR	cpe:2.3:a:centericq:centericq:4.9.11:::::::*
	cpe:2.3:a:centericq:centericq:4.9.12:::::::*
	cpe:2.3:a:centericq:centericq:4.12:::::::*
	cpe:2.3:a:centericq:centericq:4.13:::::::*
	cpe:2.3:a:centericq:centericq:4.14:::::::*
	cpe:2.3:a:centericq:centericq:4.20:::::::*
	cpe:2.3:a:centericq:centericq:4.21:::::::*

No data.

References

Link	Providers
http://osvdb.org/33408
http://securityreason.com/securityalert/2129
http://securitytracker.com/id?1017545
http://www.gentoo.org/security/en/glsa/glsa-200701-20.xml
http://www.securityfocus.com/archive/1/456255/100/0/threaded
http://www.securityfocus.com/bid/21932
http://www.vupen.com/english/advisories/2007/0306
https://exchange.xforce.ibmcloud.com/vulnerabilities/31330

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-10T00:00:00

Updated: 2024-08-07T12:12:17.411Z

Reserved: 2007-01-09T00:00:00

Link: CVE-2007-0160

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-01-10T00:28:00.000

Modified: 2018-10-16T16:31:28.383

Link: CVE-2007-0160

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-07T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "2129", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2129"}, {"name": "21932", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21932"}, {"name": "ADV-2007-0306", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0306"}, {"name": "centericq-username-bo(31330)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31330"}, {"name": "GLSA-200701-20", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-20.xml"}, {"name": "1017545", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017545"}, {"name": "20070107 TK53 Advisory #1: CenterICQ remote DoS buffer overflow in LiveJournal handling", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/456255/100/0/threaded"}, {"name": "33408", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/33408"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0160", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "2129", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2129"}, {"name": "21932", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21932"}, {"name": "ADV-2007-0306", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0306"}, {"name": "centericq-username-bo(31330)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31330"}, {"name": "GLSA-200701-20", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-20.xml"}, {"name": "1017545", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017545"}, {"name": "20070107 TK53 Advisory #1: CenterICQ remote DoS buffer overflow in LiveJournal handling", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/456255/100/0/threaded"}, {"name": "33408", "refsource": "OSVDB", "url": "http://osvdb.org/33408"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:12:17.411Z"}, "title": "CVE Program Container", "references": [{"name": "2129", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2129"}, {"name": "21932", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21932"}, {"name": "ADV-2007-0306", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0306"}, {"name": "centericq-username-bo(31330)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31330"}, {"name": "GLSA-200701-20", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-20.xml"}, {"name": "1017545", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017545"}, {"name": "20070107 TK53 Advisory #1: CenterICQ remote DoS buffer overflow in LiveJournal handling", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/456255/100/0/threaded"}, {"name": "33408", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/33408"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0160", "datePublished": "2007-01-10T00:00:00", "dateReserved": "2007-01-09T00:00:00", "dateUpdated": "2024-08-07T12:12:17.411Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:centericq:centericq:4.9.11:*:*:*:*:*:*:*", "matchCriteriaId": "BF0ACE60-DE41-43A1-BE91-A12573457757", "vulnerable": true}, {"criteria": "cpe:2.3:a:centericq:centericq:4.9.12:*:*:*:*:*:*:*", "matchCriteriaId": "0C09B7EF-8FAE-4DB6-9C47-39B70F30B988", "vulnerable": true}, {"criteria": "cpe:2.3:a:centericq:centericq:4.12:*:*:*:*:*:*:*", "matchCriteriaId": "1BC23E15-D1DD-46A5-BAEB-C985C4E6B354", "vulnerable": true}, {"criteria": "cpe:2.3:a:centericq:centericq:4.13:*:*:*:*:*:*:*", "matchCriteriaId": "C9823A36-1B02-4F28-BA93-7D0065253D04", "vulnerable": true}, {"criteria": "cpe:2.3:a:centericq:centericq:4.14:*:*:*:*:*:*:*", "matchCriteriaId": "8EE7391D-D3C7-4ACB-B76F-0D230243B392", "vulnerable": true}, {"criteria": "cpe:2.3:a:centericq:centericq:4.20:*:*:*:*:*:*:*", "matchCriteriaId": "CDDEC439-FC61-4C6F-887C-9B30D9440055", "vulnerable": true}, {"criteria": "cpe:2.3:a:centericq:centericq:4.21:*:*:*:*:*:*:*", "matchCriteriaId": "40D97C71-684F-4E8E-89BB-B69E39E27813", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el soporte LiveJournal (hooks/ljhook.cc) en CenterICQ versi\u00f3n 4.9.11 hasta versi\u00f3n 4.21.0, cuando se utilizan servidores LiveJournal no oficiales, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo) y posiblemente ejecutar c\u00f3digo arbitrario mediante la adici\u00f3n de la v\u00edctima como amigo y el uso de (1) nombre de usuario largos y (2) cadenas de nombre real largas."}], "evaluatorSolution": "Failed exploitation attempts will likely result in a denial-of-service condition.", "id": "CVE-2007-0160", "lastModified": "2018-10-16T16:31:28.383", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-10T00:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/33408"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2129"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017545"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-20.xml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/456255/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/21932"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0306"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31330"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}