CVE-2007-4358

Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of service (application crash) via a JOIN packet (aka connection packet) containing 0x69 in the ninth byte, which triggers a "double-delete" of trace data, a different vulnerability than CVE-2005-1643.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://aluigi.altervista.org/adv/zoidboom2-adv.txt
http://aluigi.org/poc/zoidboom2.zip
http://secunia.com/advisories/26451
http://securityreason.com/securityalert/3014
http://www.securityfocus.com/archive/1/476523/100/0/threaded
http://www.securityfocus.com/bid/25326	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/36018

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zoidcom:zoidcom:0.6.5:::::::*
	cpe:2.3:a:zoidcom:zoidcom:0.6.7:::::::*

History

No history.

Information

Published : 2007-08-15 19:17

Updated : 2024-02-28 11:01

NVD link : CVE-2007-4358

Mitre link : CVE-2007-4358

CVE.ORG link : CVE-2007-4358

JSON object : View

Products Affected

zoidcom

zoidcom

CWE

NVD-CWE-Other

{"id": "CVE-2007-4358", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-08-15T19:17:00.000", "references": [{"url": "http://aluigi.altervista.org/adv/zoidboom2-adv.txt", "source": "cve@mitre.org"}, {"url": "http://aluigi.org/poc/zoidboom2.zip", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26451", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3014", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/476523/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25326", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36018", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of service (application crash) via a JOIN packet (aka connection packet) containing 0x69 in the ninth byte, which triggers a \"double-delete\" of trace data, a different vulnerability than CVE-2005-1643."}, {"lang": "es", "value": "Zoidcom 0.6.7 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) mediante un paquete JOIN (tambi\u00e9n conocido como paquete de conexi\u00f3n) que contiene 0x69 en el noveno byte, lo cual dispara un \"doble borrado\" de datos de traza, una vulnerabilidad diferente de CVE-2005-1643."}], "lastModified": "2018-10-15T21:34:49.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zoidcom:zoidcom:0.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "096AF9A8-D5CD-4034-B5B7-E445C8905EB4"}, {"criteria": "cpe:2.3:a:zoidcom:zoidcom:0.6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2785EC50-734A-4A58-BAB4-4DE8C63F88C2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}