CVE Vulnerability

CVE-2007-2957

Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an authentication packet, which results in a heap-based buffer overflow.

9.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://secunia.com/secunia_research/2007-69/advisory/ Vendor Advisory
https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614035&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=614035 Patch
http://secunia.com/advisories/26372 Vendor Advisory
http://www.securityfocus.com/bid/26269
http://securitytracker.com/id?1018878
http://www.vupen.com/english/advisories/2007/3663
https://exchange.xforce.ibmcloud.com/vulnerabilities/38175
Configurations

Configuration 1

cpe:2.3:a:mcafee:e-business_server:*:*:aix:*:*:*:*:*
cpe:2.3:a:mcafee:e-business_server:*:*:linux:*:*:*:*:*
cpe:2.3:a:mcafee:e-business_server:*:*:solaris:*:*:*:*:*
cpe:2.3:a:mcafee:e-business_server:*:*:hpux:*:*:*:*:*
Information

Published : 2007-10-31 10:46

Updated : 2017-07-29 01:31

NVD link : CVE-2007-2957

Mitre link : CVE-2007-2957

Products Affected
No products.
CWE
CWE-189