Vulnerabilities > CVE-2008-0767 - Numeric Errors vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
extremez-ip
extremez
CWE-189
exploit available
NVD
Published: 2008-02-13
Updated: 2024-11-21

Summary

ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier does not verify that a certain "number of URLs" field is consistent with the packet length, which allows remote attackers to cause a denial of service (daemon crash) via a large integer in this field in a packet to the Service Location Protocol (SLP) service on UDP port 427, triggering an out-of-bounds read.

Vulnerable Configurations

Part Description Count
Application
Extremez-Ip
1
Application
Extremez
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionGroup Logic ExtremeZ-IP File and Print Servers 5.1.2 x15 Multiple Vulnerabilities. CVE-2008-0767. Remote exploit for hardware platform
idEDB-ID:31132
last seen2016-02-03
modified2008-02-10
published2008-02-10
reporterLuigi Auriemma
sourcehttps://www.exploit-db.com/download/31132/
titleGroup Logic ExtremeZ-IP File and Print Servers 5.1.2 x15 - Multiple Vulnerabilities

Statements

contributor
lastmodified2008-02-21
organizationGroup Logic
statementGroup Logic has fixed this issue in the ExtremeZ-IP 5.1.3x03 hotfix released on February 20, 2008. The update is free for all customers with active service contracts who own a version 5.x license and can be downloaded from http://www.grouplogic.com/files/ez/hot/hotFix51.cfm

References