Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.6
CVE Id CVE-2007-5690
Last Modified 05 Sep 2008 05:31:25
Published 29 Oct 2007 03:46:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-5690

Summary

** DISPUTED ** Buffer overflow in sethdlc.c in the Asterisk Zaptel 1.4.5.1 might allow local users to gain privileges via a long device name (interface name) in the ifr_name field. NOTE: the vendor disputes this issue, stating that the application requires root access, so privilege boundaries are not crossed.

Vulnerable Systems

Application

  • Asterisk Zaptel 1.4.5.1


References

XF - zaptel-sethdlc-bo(37335)

SECTRACK - 1018885

BID - 26160

BUGTRAQ - 20071108 AST-2007-024 - Fallacious security advisory spread on the Internet involving buffer overflow in Zaptel's sethdlc application

BUGTRAQ - 20071020 [ELEYTT] Public Advisory 20-10-2007

MISC - http://www.eleytt.com/advisories/eleytt_ZAPTEL.pdf

SREASON - 3319

MISC - http://downloads.digium.com/pub/asa/AST-2007-024.html


Last Updated: 27 May 2016 10:46:14