Vulnerabilities > CVE-2007-2957 - Numeric Errors vulnerability in Mcafee E-Business Server
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an authentication packet, which results in a heap-based buffer overflow.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Common Weakness Enumeration (CWE)
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 26269 CVE(CAN) ID: CVE-2007-2957 McAfee e-Business Server用于为存储和共享文档的企业和个人提供透明加密。 McAfee E-Business Server的管理工具服务在解析认证报文时存在整数溢出漏洞,远程攻击者可能利用此漏洞控制服务器。 如果远程攻击者向服务器发送的认证报文包含有超长长度值的话,就可以触发这个溢出,最终导致堆溢出,允许在服务器上执行任意指令。 0 McAfee E-Business Server 8.1.1 for Linux 厂商补丁: McAfee ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="http://www.mcafee.com/" target="_blank">http://www.mcafee.com/</a> |
| id | SSV:2376 |
| last seen | 2017-11-19 |
| modified | 2007-11-02 |
| published | 2007-11-02 |
| reporter | Root |
| title | McAfee E-Business Server认证报文处理整数溢出漏洞 |
References
- http://secunia.com/advisories/26372
- http://secunia.com/secunia_research/2007-69/advisory/
- http://securitytracker.com/id?1018878
- http://www.securityfocus.com/bid/26269
- http://www.vupen.com/english/advisories/2007/3663
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38175
- https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614035&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=614035