Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6181

Overview

Vulnerability Score 8.5 8.5
CVE Id CVE-2007-6181
Last Modified 05 Sep 2008 05:32:34
Published 29 Nov 2007 07:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2007-6181

Summary

Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. NOTE: it is also reported that a related issue might exist in 1.5.7 through 1.5.19.

Vulnerable Systems

Application

  • Redhat Cygwin 1.5.7-1


References

MLIST - [cygwin-developers] 20071108 Re: cygwin1.dll up to 1.5.22 overflow

BID - 26557

BUGTRAQ - 20071124 [ISecAuditors Security Advisories] Cygwin buffer overflow due incorrect filename length check

MLIST - [cygwin-developers] 20071120 Re: cygwin1.dll up to 1.5.22 overflow

SREASON - 3406


Last Updated: 27 May 2016 10:46:24