CVE-2007-4584 - OpenCVE

Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Bitchx	Bitchx

Configuration 1 [-]

cpe:2.3:a:bitchx:bitchx:1.1-final:*:*:*:*:*:*:*

References

Link	Resource
http://osvdb.org/37480
http://secunia.com/advisories/26578	Vendor Advisory
http://secunia.com/advisories/31180
http://secunia.com/advisories/34870
http://security.gentoo.org/glsa/glsa-200807-12.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.285737
http://www.securityfocus.com/bid/25462
http://www.vupen.com/english/advisories/2007/2994
https://exchange.xforce.ibmcloud.com/vulnerabilities/36306
https://www.exploit-db.com/exploits/4321

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-29T01:00:00

Updated: 2017-09-28T12:57:01

Reserved: 2007-08-28T00:00:00

Link: CVE-2007-4584

JSON object: View

NVD Information

Status : Modified

Published: 2007-08-29T01:17:00.000

Modified: 2017-09-29T01:29:19.563

Link: CVE-2007-4584

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-27T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SSA:2009-116-02", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.285737"}, {"name": "34870", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34870"}, {"name": "bitchx-pmode-bo(36306)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36306"}, {"name": "25462", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25462"}, {"name": "26578", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26578"}, {"name": "31180", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31180"}, {"name": "37480", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37480"}, {"name": "4321", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4321"}, {"name": "ADV-2007-2994", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2994"}, {"name": "GLSA-200807-12", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200807-12.xml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4584", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SSA:2009-116-02", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.285737"}, {"name": "34870", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34870"}, {"name": "bitchx-pmode-bo(36306)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36306"}, {"name": "25462", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25462"}, {"name": "26578", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26578"}, {"name": "31180", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31180"}, {"name": "37480", "refsource": "OSVDB", "url": "http://osvdb.org/37480"}, {"name": "4321", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4321"}, {"name": "ADV-2007-2994", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2994"}, {"name": "GLSA-200807-12", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200807-12.xml"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4584", "datePublished": "2007-08-29T01:00:00", "dateReserved": "2007-08-28T00:00:00", "dateUpdated": "2017-09-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bitchx:bitchx:1.1-final:*:*:*:*:*:*:*", "matchCriteriaId": "470FD7C0-78F6-48C2-B98A-F873B668A501", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en BitchX 1.1 Final permite a servidores IRC remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una cadena larga en un comando MODE, relacionado con la variable p_mode."}], "id": "CVE-2007-4584", "lastModified": "2017-09-29T01:29:19.563", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-29T01:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/37480"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26578"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31180"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/34870"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200807-12.xml"}, {"source": "cve@mitre.org", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.285737"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25462"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2994"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36306"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4321"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the version of IrcII as shipped with Red Hat Enterprise Linux 2.1. IrcII was not shipped in Enterprise Linux 3, 4, or 5.", "lastModified": "2007-09-24T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}