CVE-2007-1770 - OpenCVE

Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Esri	Arcsde

Configuration 1 [-]

OR	cpe:2.3:a:esri:arcsde:8.3:-::::::
	cpe:2.3:a:esri:arcsde:8.3:sp1::::::
	cpe:2.3:a:esri:arcsde:9.0:-::::::
	cpe:2.3:a:esri:arcsde:9.0:sp1::::::
	cpe:2.3:a:esri:arcsde:9.0:sp2::::::
	cpe:2.3:a:esri:arcsde:9.1:-::::::
	cpe:2.3:a:esri:arcsde:9.1:sp1::::::
	cpe:2.3:a:esri:arcsde:9.1:sp2::::::

No data.

References

Link	Providers
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507
http://secunia.com/advisories/24639
http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260
http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261
http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262
http://www.securityfocus.com/bid/23175
http://www.securitytracker.com/id?1017874
http://www.vupen.com/english/advisories/2007/1140
https://exchange.xforce.ibmcloud.com/vulnerabilities/33282
https://exchange.xforce.ibmcloud.com/vulnerabilities/33457

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-03-30T01:00:00

Updated: 2024-08-07T13:06:26.434Z

Reserved: 2007-03-29T00:00:00

Link: CVE-2007-1770

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2007-03-30T01:19:00.000

Modified: 2024-07-11T18:04:46.107

Link: CVE-2007-1770

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-27T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1017874", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017874"}, {"name": "23175", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23175"}, {"name": "arcsde-tcpport-bo(33457)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33457"}, {"name": "24639", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24639"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261"}, {"name": "arcsde-three-tiered-dos(33282)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33282"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260"}, {"name": "20070404 ESRI ArcSDE Buffer Overflow Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507"}, {"name": "ADV-2007-1140", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1140"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1770", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1017874", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017874"}, {"name": "23175", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23175"}, {"name": "arcsde-tcpport-bo(33457)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33457"}, {"name": "24639", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24639"}, {"name": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261", "refsource": "CONFIRM", "url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261"}, {"name": "arcsde-three-tiered-dos(33282)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33282"}, {"name": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262", "refsource": "CONFIRM", "url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262"}, {"name": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260", "refsource": "CONFIRM", "url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260"}, {"name": "20070404 ESRI ArcSDE Buffer Overflow Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507"}, {"name": "ADV-2007-1140", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1140"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:06:26.434Z"}, "title": "CVE Program Container", "references": [{"name": "1017874", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017874"}, {"name": "23175", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23175"}, {"name": "arcsde-tcpport-bo(33457)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33457"}, {"name": "24639", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24639"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261"}, {"name": "arcsde-three-tiered-dos(33282)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33282"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260"}, {"name": "20070404 ESRI ArcSDE Buffer Overflow Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507"}, {"name": "ADV-2007-1140", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1140"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1770", "datePublished": "2007-03-30T01:00:00", "dateReserved": "2007-03-29T00:00:00", "dateUpdated": "2024-08-07T13:06:26.434Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:esri:arcsde:8.3:-:*:*:*:*:*:*", "matchCriteriaId": "A82958BE-AD51-4B8A-880F-78A24EC0D5B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:esri:arcsde:8.3:sp1:*:*:*:*:*:*", "matchCriteriaId": "FDD89080-78A0-45D6-AF09-249F060C90EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:esri:arcsde:9.0:-:*:*:*:*:*:*", "matchCriteriaId": "66DEC285-378A-45FA-9F4A-C8D09BC1BCD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:esri:arcsde:9.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "660B27C9-40DA-4EF3-AE23-EE504311E18F", "vulnerable": true}, {"criteria": "cpe:2.3:a:esri:arcsde:9.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "CF458849-D6F1-4D96-B444-AA87C8F07FBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:esri:arcsde:9.1:-:*:*:*:*:*:*", "matchCriteriaId": "B8555DEF-F5C8-4D43-B5FC-E40D31914216", "vulnerable": true}, {"criteria": "cpe:2.3:a:esri:arcsde:9.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "BCB60950-B362-48CD-A174-C03A4ADD9670", "vulnerable": true}, {"criteria": "cpe:2.3:a:esri:arcsde:9.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "0DB4846B-DB82-484C-815C-04D8748F8759", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en el servicio ArcSDE (giomgr) en Environmental Systems Research Institute (ESRI) ArcGIS versiones anteriores a 9.2 Service Pack 2, cuando se usan tres configuraciones de ArcSDE por niveles, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de giomgr) y ejecutar c\u00f3digo arbitrario por medio de par\u00e1metros largos en peticiones especialmente dise\u00f1adas."}], "id": "CVE-2007-1770", "lastModified": "2024-07-11T18:04:46.107", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-03-30T01:19:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/24639"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/23175"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1017874"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2007/1140"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33282"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33457"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}