Vulnerabilities > CVE-2008-0767 - Numeric Errors vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier does not verify that a certain "number of URLs" field is consistent with the packet length, which allows remote attackers to cause a denial of service (daemon crash) via a large integer in this field in a packet to the Service Location Protocol (SLP) service on UDP port 427, triggering an out-of-bounds read.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Group Logic ExtremeZ-IP File and Print Servers 5.1.2 x15 Multiple Vulnerabilities. CVE-2008-0767. Remote exploit for hardware platform |
| id | EDB-ID:31132 |
| last seen | 2016-02-03 |
| modified | 2008-02-10 |
| published | 2008-02-10 |
| reporter | Luigi Auriemma |
| source | https://www.exploit-db.com/download/31132/ |
| title | Group Logic ExtremeZ-IP File and Print Servers 5.1.2 x15 - Multiple Vulnerabilities |
Statements
| contributor | |
| lastmodified | 2008-02-21 |
| organization | Group Logic |
| statement | Group Logic has fixed this issue in the ExtremeZ-IP 5.1.3x03 hotfix released on February 20, 2008. The update is free for all customers with active service contracts who own a version 5.x license and can be downloaded from http://www.grouplogic.com/files/ez/hot/hotFix51.cfm |
References
- http://aluigi.altervista.org/adv/ezipirla-adv.txt
- http://aluigi.org/poc/ezipirla.zip
- http://secunia.com/advisories/28862
- http://www.grouplogic.com/files/ez/hot/hotFix51.cfm
- http://www.securityfocus.com/archive/1/487952/100/0/threaded
- http://www.securityfocus.com/bid/27718
- http://www.vupen.com/english/advisories/2008/0485