Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4549

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-4549
Last Modified 05 Sep 2008 05:28:30
Published 27 Aug 2007 08:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4549

Summary

Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow user-assisted remote attackers to execute arbitrary code via an ALPass DB (APW) file containing (1) a long file-key or (2) a "Site Information and Folder entry" with a ciphertext_length value much larger than the plaintext_length value.

Vulnerable Systems

Application

  • Altools Alpass 2.7

  • Altools Alpass 3.02


References

XF - alpass-alpass-db-file-bo(36235)

BID - 25435

MISC - http://vuln.sg/alpass27-en.html

XF - alpass-apw-bo(36257)

SECUNIA - 26616


Last Updated: 27 May 2016 10:45:54