CVE-2007-2054 - OpenCVE

Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Afflib	Afflib

Configuration 1 [-]

cpe:2.3:a:afflib:afflib:*:*:*:*:*:*:*:*

References

Link	Resource
http://securityreason.com/securityalert/2657
http://www.securityfocus.com/archive/1/467040/100/0/threaded
http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33969

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-30T22:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-04-16T00:00:00

Link: CVE-2007-2054

JSON object: View

NVD Information

Status : Modified

Published: 2007-04-30T22:19:00.000

Modified: 2018-10-16T16:41:46.647

Link: CVE-2007-2054

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-27T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "2657", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2657"}, {"name": "afflib-multiple-format-string(33969)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33969"}, {"name": "20070427 AFFLIB(TM): Multiple Format String Injections", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/467040/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2054", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "2657", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2657"}, {"name": "afflib-multiple-format-string(33969)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33969"}, {"name": "20070427 AFFLIB(TM): Multiple Format String Injections", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/467040/100/0/threaded"}, {"name": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt", "refsource": "MISC", "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2054", "datePublished": "2007-04-30T22:00:00", "dateReserved": "2007-04-16T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:afflib:afflib:*:*:*:*:*:*:*:*", "matchCriteriaId": "A201CC59-48F8-4FA9-B17E-00D75CF41235", "versionEndIncluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de cadena de formato en AFFLIB anterior a 2.2.6 permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante determinados par\u00e1metros de l\u00ednea de comandos, los cuales se utilizan en llamadas (1) de advertencia (warn) y (2) de error (err) en (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, y (g) tools/afxml.cpp. NOTA: el vector aimage.cpp (e) ha sido retirado del aviso del investigador original, puesto que no se llama al c\u00f3digo en ninguna versi\u00f3n de AFFLIB."}], "evaluatorSolution": "The vendor has addressed this issue through the following product update: http://www.afflib.org/downloads/\r\n", "id": "CVE-2007-2054", "lastModified": "2018-10-16T16:41:46.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-30T22:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2657"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/467040/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33969"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}