CVE-2007-5690 - Vulnerability Details - OpenCVE

Buffer overflow in sethdlc.c in the Asterisk Zaptel 1.4.5.1 might allow local users to gain privileges via a long device name (interface name) in the ifr_name field. NOTE: the vendor disputes this issue, stating that the application requires root access, so privilege boundaries are not crossed

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00051.

Key SSVC decision points have not yet been added.

Vendors	Products
Asterisk	Zaptel

Configuration 1 [-]

cpe:2.3:a:asterisk:zaptel:1.4.5.1:*:*:*:*:*:*:*

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://downloads.digium.com/pub/asa/AST-2007-024.html
http://securityreason.com/securityalert/3319
http://www.eleytt.com/advisories/eleytt_ZAPTEL.pdf
http://www.securityfocus.com/archive/1/482597/100/0/threaded
http://www.securityfocus.com/archive/1/483481/100/0/threaded
http://www.securityfocus.com/bid/26160
http://www.securitytracker.com/id?1018885
https://exchange.xforce.ibmcloud.com/vulnerabilities/37335
https://www.cve.org/CVERecord?id=CVE-2007-5690

History

Wed, 28 May 2025 14:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cve.org/CVERecord?id=CVE-2007-5690

Thu, 22 May 2025 04:30:00 +0000

Type	Values Removed	Values Added
References	https://nvd.nist.gov/vuln/detail/CVE-2007-5690 https://www.cve.org/CVERecord?id=CVE-2007-5690

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-29T19:00:00

Updated: 2024-08-07T15:39:13.605Z

Reserved: 2007-10-29T00:00:00

Link: CVE-2007-5690

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-10-29T19:46:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-5690

Redhat

Severity :

Publid Date: 2007-10-20T00:00:00Z

Links: CVE-2007-5690 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-20T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in sethdlc.c in the Asterisk Zaptel 1.4.5.1 might allow local users to gain privileges via a long device name (interface name) in the ifr_name field. NOTE: the vendor disputes this issue, stating that the application requires root access, so privilege boundaries are not crossed"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20071020 [ELEYTT] Public Advisory 20-10-2007", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/482597/100/0/threaded"}, {"name": "zaptel-sethdlc-bo(37335)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37335"}, {"tags": ["x_refsource_MISC"], "url": "http://downloads.digium.com/pub/asa/AST-2007-024.html"}, {"name": "20071108 AST-2007-024 - Fallacious security advisory spread on the Internet involving buffer overflow in Zaptel's sethdlc application", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/483481/100/0/threaded"}, {"name": "26160", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26160"}, {"name": "1018885", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018885"}, {"tags": ["x_refsource_MISC"], "url": "http://www.eleytt.com/advisories/eleytt_ZAPTEL.pdf"}, {"name": "3319", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3319"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5690", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** Buffer overflow in sethdlc.c in the Asterisk Zaptel 1.4.5.1 might allow local users to gain privileges via a long device name (interface name) in the ifr_name field. NOTE: the vendor disputes this issue, stating that the application requires root access, so privilege boundaries are not crossed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20071020 [ELEYTT] Public Advisory 20-10-2007", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482597/100/0/threaded"}, {"name": "zaptel-sethdlc-bo(37335)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37335"}, {"name": "http://downloads.digium.com/pub/asa/AST-2007-024.html", "refsource": "MISC", "url": "http://downloads.digium.com/pub/asa/AST-2007-024.html"}, {"name": "20071108 AST-2007-024 - Fallacious security advisory spread on the Internet involving buffer overflow in Zaptel's sethdlc application", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/483481/100/0/threaded"}, {"name": "26160", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26160"}, {"name": "1018885", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018885"}, {"name": "http://www.eleytt.com/advisories/eleytt_ZAPTEL.pdf", "refsource": "MISC", "url": "http://www.eleytt.com/advisories/eleytt_ZAPTEL.pdf"}, {"name": "3319", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3319"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:39:13.605Z"}, "title": "CVE Program Container", "references": [{"name": "20071020 [ELEYTT] Public Advisory 20-10-2007", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/482597/100/0/threaded"}, {"name": "zaptel-sethdlc-bo(37335)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37335"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://downloads.digium.com/pub/asa/AST-2007-024.html"}, {"name": "20071108 AST-2007-024 - Fallacious security advisory spread on the Internet involving buffer overflow in Zaptel's sethdlc application", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/483481/100/0/threaded"}, {"name": "26160", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26160"}, {"name": "1018885", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018885"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.eleytt.com/advisories/eleytt_ZAPTEL.pdf"}, {"name": "3319", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3319"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5690", "datePublished": "2007-10-29T19:00:00", "dateReserved": "2007-10-29T00:00:00", "dateUpdated": "2024-08-07T15:39:13.605Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:asterisk:zaptel:1.4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4D62B9C-BCC9-418B-BE37-50B1ECFC8115", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in sethdlc.c in the Asterisk Zaptel 1.4.5.1 might allow local users to gain privileges via a long device name (interface name) in the ifr_name field. NOTE: the vendor disputes this issue, stating that the application requires root access, so privilege boundaries are not crossed"}, {"lang": "es", "value": "** EN DISPUTA ** Desbordamiento de b\u00fafer en sethdlc.c de Asterisk Zaptel versi\u00f3n 1.4.5.1 podr\u00eda permitir a usuarios locales obtener privilegios mediante un nombre de dispositivo largo (nombre de intefaz) en el campo ifr_name. NOTA: el vendedor impugna este asunto, bas\u00e1ndose en que la aplicaci\u00f3n requiere acceso de root, por lo que los limites de privilegios no son cruzados."}], "id": "CVE-2007-5690", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-29T19:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://downloads.digium.com/pub/asa/AST-2007-024.html"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3319"}, {"source": "cve@mitre.org", "url": "http://www.eleytt.com/advisories/eleytt_ZAPTEL.pdf"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482597/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/483481/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26160"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018885"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37335"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://downloads.digium.com/pub/asa/AST-2007-024.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3319"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.eleytt.com/advisories/eleytt_ZAPTEL.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482597/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/483481/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26160"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018885"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37335"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}