Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.8
CVE Id CVE-2007-4337
Last Modified 07 Mar 2011 09:58:23
Published 14 Aug 2007 02:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4337

Summary

Multiple buffer overflows in the httplib_parse_sc_header function in lib/http.c in Streamripper before 1.62.2 allow remote attackers to execute arbitrary code via long (1) Location and (2) Server HTTP headers, a different vulnerability than CVE-2006-3124.

Vulnerable Systems

Application

  • Streamripper 1.61.1

  • Streamripper 1.61.17

  • Streamripper 1.61.24

  • Streamripper 1.61.25

  • Streamripper 1.61.26

  • Streamripper 1.62


References

CONFIRM - http://sourceforge.net/project/shownotes.php?group_id=6172&release_id=531738

VUPEN - ADV-2007-2858

SECTRACK - 1018553

BID - 25278

BUGTRAQ - 20070812 Streamripper 1.62.1 - Buffer Overflows

DEBIAN - DSA-1683

CONFIRM - http://streamripper.cvs.sourceforge.net/streamripper/sripper_1x/lib/http.c?r1=1.38&r2=1.39

GENTOO - GLSA-200709-03

SECUNIA - 33061

SECUNIA - 33052

SECUNIA - 26814

SECUNIA - 26406

OSVDB - 39533


Last Updated: 27 May 2016 10:45:50