Vulnerabilities > CVE-2007-1273 - Integer Overflow vulnerability in Navision Financials Server 3.0

CVSS 6.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

netbsd

navision

NVD

Published: 2007-03-10

Updated: 2009-10-14

Summary

Integer overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 and 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain privileges.

Vulnerable Configurations

Part	Description	Count
OS	Netbsd Netbsd Netbsd 2.0 Netbsd Netbsd 2.0.1 Netbsd Netbsd 2.0.2 Netbsd Netbsd 2.0.3 Netbsd Netbsd 2.0.4 Netbsd Netbsd 2.1 Netbsd Netbsd 3.0.1 Netbsd Netbsd 4.0	8
Application	Navision Navision Financials Server 3.0	1

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-001.txt.asc
http://osvdb.org/35453
http://www.securityfocus.com/bid/22878