Vulnerabilities > CVE-2007-5029 - Numeric Errors vulnerability in Dibbler 0.6.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Dibbler 0.6.0 does not verify that certain length parameters are appropriate for buffer sizes, which allows remote attackers to trigger a buffer over-read and cause a denial of service (daemon crash), as demonstrated by incorrect behavior of the TSrvMsg constructor in SrvMessages/SrvMsg.cpp when (1) reading the option code and option length and (2) parsing options.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
References
- http://klub.com.pl/dhcpv6/
- http://klub.com.pl/dhcpv6/
- http://labs.musecurity.com/wp-content/uploads/2007/09/mu-200709-02.txt
- http://labs.musecurity.com/wp-content/uploads/2007/09/mu-200709-02.txt
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065892.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065892.html
- http://osvdb.org/40569
- http://osvdb.org/40569
- http://secunia.com/advisories/26876
- http://secunia.com/advisories/26876
- http://www.securityfocus.com/bid/25726
- http://www.securityfocus.com/bid/25726
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36685
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36685