CVE-2007-1329 - OpenCVE

Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Ledgersmb	Ledgersmb
Sql-ledger	Sql-ledger

Configuration 1 [-]

OR	cpe:2.3:a:ledgersmb:ledgersmb::::::::
	cpe:2.3:a:sql-ledger:sql-ledger:2.6.25:::::::*

References

Link	Resource
http://osvdb.org/33619
http://osvdb.org/33621
http://secunia.com/advisories/24363
http://secunia.com/advisories/24366
http://securityreason.com/securityalert/2381
http://securitytracker.com/id?1017715
http://www.securityfocus.com/archive/1/461630/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/32776

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-03-07T21:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-03-07T00:00:00

Link: CVE-2007-1329

JSON object: View

NVD Information

Status : Modified

Published: 2007-03-07T21:19:00.000

Modified: 2018-10-16T16:37:57.987

Link: CVE-2007-1329

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-01T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "24363", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24363"}, {"name": "33619", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/33619"}, {"name": "33621", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/33621"}, {"name": "20070301 Full disclosure: Directory Transversal and Arbitrary Code Execution Vulnerability in SQL-Ledger and LedgerSMB", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/461630/100/0/threaded"}, {"name": "2381", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2381"}, {"name": "24366", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24366"}, {"name": "sqlledger-userpathmemberfile-dir-traversal(32776)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32776"}, {"name": "1017715", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017715"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1329", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "24363", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24363"}, {"name": "33619", "refsource": "OSVDB", "url": "http://osvdb.org/33619"}, {"name": "33621", "refsource": "OSVDB", "url": "http://osvdb.org/33621"}, {"name": "20070301 Full disclosure: Directory Transversal and Arbitrary Code Execution Vulnerability in SQL-Ledger and LedgerSMB", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/461630/100/0/threaded"}, {"name": "2381", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2381"}, {"name": "24366", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24366"}, {"name": "sqlledger-userpathmemberfile-dir-traversal(32776)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32776"}, {"name": "1017715", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017715"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1329", "datePublished": "2007-03-07T21:00:00", "dateReserved": "2007-03-07T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*", "matchCriteriaId": "17E0DA0F-6168-4BAD-8CA1-F867886A6546", "versionEndIncluding": "1.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.25:*:*:*:*:*:*:*", "matchCriteriaId": "7EC85020-344F-4B75-A79E-CA190FD8D335", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences."}, {"lang": "es", "value": "Vulnerabilidad de escalado de directorio en SQL-Ledger, y LedgerSMB versiones anteriores a 1.1.5, permite a atacantes remotos leer y sobre-escribir ficheros de su elecci\u00f3n, y ejecutar c\u00f3digo de su elecci\u00f3n mediante caracteres . (punto) adyacentes a cadenas (1) users y (2) users/members, que son eliminadas por funciones lista-negra que filtran dichas cadenas y las reducen en secuencias .. (punto punto)."}], "id": "CVE-2007-1329", "lastModified": "2018-10-16T16:37:57.987", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-03-07T21:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/33619"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/33621"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24363"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24366"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2381"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017715"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/461630/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32776"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}