Vulnerabilities > CVE-2007-2053 - Remote Buffer Overflow vulnerability in AFFLIB LastModified
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB. The vendor has addressed this issue through a product update: http://www.afflib.org/downloads/
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://osvdb.org/35613
- http://osvdb.org/35614
- http://osvdb.org/35615
- http://securityreason.com/securityalert/2655
- http://www.securityfocus.com/archive/1/467038/100/0/threaded
- http://www.securityfocus.com/bid/23695
- http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33961