CVE-2007-3374 - OpenCVE

Buffer overflow in cluster/cman/daemon/daemon.c in cman (redhat-cluster-suite) before 20070622 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long client messages.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Cluster Suite

Configuration 1 [-]

cpe:2.3:a:redhat:cluster_suite:*:*:*:*:*:*:*:*

References

Link	Resource
http://osvdb.org/37497
http://secunia.com/advisories/25799	Vendor Advisory
http://secunia.com/advisories/25818	Patch Vendor Advisory
http://secunia.com/advisories/25886	Vendor Advisory
http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/cman/daemon/daemon.c.diff?cvsroot=cluster&r1=1.34&r2=1.35
http://www.securityfocus.com/bid/24595
http://www.securitytracker.com/id?1018323
http://www.ubuntu.com/usn/usn-476-1	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/35034
https://launchpad.net/bugs/121780	Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9524
https://rhn.redhat.com/errata/RHSA-2007-0559.html
https://www.redhat.com/archives/cluster-devel/2007-June/msg00130.html	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-25T20:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2007-06-25T00:00:00

Link: CVE-2007-3374

JSON object: View

NVD Information

Status : Modified

Published: 2007-06-25T20:30:00.000

Modified: 2017-10-11T01:32:45.647

Link: CVE-2007-3374

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-22T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in cluster/cman/daemon/daemon.c in cman (redhat-cluster-suite) before 20070622 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long client messages."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "clusterproject-processclient-bo(35034)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35034"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/cman/daemon/daemon.c.diff?cvsroot=cluster&r1=1.34&r2=1.35"}, {"name": "25818", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25818"}, {"name": "25886", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25886"}, {"name": "oval:org.mitre.oval:def:9524", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9524"}, {"name": "24595", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24595"}, {"name": "1018323", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018323"}, {"name": "RHSA-2007:0559", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2007-0559.html"}, {"name": "37497", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37497"}, {"name": "USN-476-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-476-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://launchpad.net/bugs/121780"}, {"name": "[cluster-devel] 20070619 cluster/cman/daemon daemon.c", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://www.redhat.com/archives/cluster-devel/2007-June/msg00130.html"}, {"name": "25799", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25799"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3374", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in cluster/cman/daemon/daemon.c in cman (redhat-cluster-suite) before 20070622 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long client messages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "clusterproject-processclient-bo(35034)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35034"}, {"name": "http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/cman/daemon/daemon.c.diff?cvsroot=cluster&r1=1.34&r2=1.35", "refsource": "CONFIRM", "url": "http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/cman/daemon/daemon.c.diff?cvsroot=cluster&r1=1.34&r2=1.35"}, {"name": "25818", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25818"}, {"name": "25886", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25886"}, {"name": "oval:org.mitre.oval:def:9524", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9524"}, {"name": "24595", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24595"}, {"name": "1018323", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018323"}, {"name": "RHSA-2007:0559", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2007-0559.html"}, {"name": "37497", "refsource": "OSVDB", "url": "http://osvdb.org/37497"}, {"name": "USN-476-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-476-1"}, {"name": "https://launchpad.net/bugs/121780", "refsource": "CONFIRM", "url": "https://launchpad.net/bugs/121780"}, {"name": "[cluster-devel] 20070619 cluster/cman/daemon daemon.c", "refsource": "MLIST", "url": "https://www.redhat.com/archives/cluster-devel/2007-June/msg00130.html"}, {"name": "25799", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25799"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3374", "datePublished": "2007-06-25T20:00:00", "dateReserved": "2007-06-25T00:00:00", "dateUpdated": "2017-10-10T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cluster_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "34EEC6AA-4B41-4C17-95A9-07D3F7305985", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in cluster/cman/daemon/daemon.c in cman (redhat-cluster-suite) before 20070622 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long client messages."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en el archivo cluster/cman/daemon/daemon.c en cman (redhat-cluster-suite) antes del 20070622, permite a usuarios locales causar una denegaci\u00f3n de servicio (bloqueo) y posiblemente ejecutar c\u00f3digo arbitrario por medio de mensajes de cliente largos."}], "id": "CVE-2007-3374", "lastModified": "2017-10-11T01:32:45.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-25T20:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/37497"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25799"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/25818"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25886"}, {"source": "cve@mitre.org", "url": "http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/cman/daemon/daemon.c.diff?cvsroot=cluster&r1=1.34&r2=1.35"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24595"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018323"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.ubuntu.com/usn/usn-476-1"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35034"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://launchpad.net/bugs/121780"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9524"}, {"source": "cve@mitre.org", "url": "https://rhn.redhat.com/errata/RHSA-2007-0559.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://www.redhat.com/archives/cluster-devel/2007-June/msg00130.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}