CVE-2007-2053 - OpenCVE

Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Afflib	Afflib

Configuration 1 [-]

cpe:2.3:a:afflib:afflib:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/35613
http://osvdb.org/35614
http://osvdb.org/35615
http://securityreason.com/securityalert/2655
http://www.securityfocus.com/archive/1/467038/100/0/threaded
http://www.securityfocus.com/bid/23695
http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/33961

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-30T22:00:00

Updated: 2024-08-07T13:23:50.423Z

Reserved: 2007-04-16T00:00:00

Link: CVE-2007-2053

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-04-30T22:19:00.000

Modified: 2018-10-16T16:41:46.130

Link: CVE-2007-2053

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-27T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "2655", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2655"}, {"name": "35613", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35613"}, {"tags": ["x_refsource_MISC"], "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt"}, {"name": "35614", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35614"}, {"name": "35615", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35615"}, {"name": "afflib-multiple-bo(33961)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33961"}, {"name": "20070427 AFFLIB(TM): Multiple Buffer Overflows", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/467038/100/0/threaded"}, {"name": "23695", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23695"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2053", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "2655", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2655"}, {"name": "35613", "refsource": "OSVDB", "url": "http://osvdb.org/35613"}, {"name": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt", "refsource": "MISC", "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt"}, {"name": "35614", "refsource": "OSVDB", "url": "http://osvdb.org/35614"}, {"name": "35615", "refsource": "OSVDB", "url": "http://osvdb.org/35615"}, {"name": "afflib-multiple-bo(33961)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33961"}, {"name": "20070427 AFFLIB(TM): Multiple Buffer Overflows", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/467038/100/0/threaded"}, {"name": "23695", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23695"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:23:50.423Z"}, "title": "CVE Program Container", "references": [{"name": "2655", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2655"}, {"name": "35613", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35613"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt"}, {"name": "35614", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35614"}, {"name": "35615", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35615"}, {"name": "afflib-multiple-bo(33961)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33961"}, {"name": "20070427 AFFLIB(TM): Multiple Buffer Overflows", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/467038/100/0/threaded"}, {"name": "23695", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23695"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2053", "datePublished": "2007-04-30T22:00:00", "dateReserved": "2007-04-16T00:00:00", "dateUpdated": "2024-08-07T13:23:50.423Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:afflib:afflib:*:*:*:*:*:*:*:*", "matchCriteriaId": "A201CC59-48F8-4FA9-B17E-00D75CF41235", "versionEndIncluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila en AFFLIB before 2.2.6 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante (1) un valor largo LastModified en una respuesta S3 XML en lib/s3.cpp; (2) una larga (a) ruta \u00f3(b) contenedor (bucket) en una URL S3 en lib/vnode_s3.cpp; \u00f3 (3) una larga (c) EFW, (d) AFD, \u00f3 (c) ruta de imagen aimage. \r\nNOTA: El vector aimage (3c) ha sido retirado del aviso original del investigador, dado que el c\u00f3digo no se invoca en ninguna versi\u00f3n de AFFLIB."}], "evaluatorSolution": "The vendor has addressed this issue through a product update:\r\nhttp://www.afflib.org/downloads/\r\n", "id": "CVE-2007-2053", "lastModified": "2018-10-16T16:41:46.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-30T22:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/35613"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35614"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35615"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2655"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/467038/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/23695"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33961"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}