cvelistv5 - cve-2007-1270

CVE-2007-1270 (GCVE-0-2007-1270)

Vulnerability from cvelistv5 – Published: 2007-04-06 00:00 – Updated: 2024-08-07 12:50

Summary

Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securitytracker.com/id?1017875	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/464745/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2007/1267	vdb-entryx_refsource_VUPEN
	http://www.vmware.com/support/vi3/doc/esx-6431040…	x_refsource_CONFIRM
	http://secunia.com/advisories/24788	third-party-advisoryx_refsource_SECUNIA
	http://www.vmware.com/support/vi3/doc/esx-5754280…	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://osvdb.org/35268	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/23323	vdb-entryx_refsource_BID
	http://securityreason.com/securityalert/2524	third-party-advisoryx_refsource_SREASON

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:50:35.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1017875",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017875"
          },
          {
            "name": "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded"
          },
          {
            "name": "ADV-2007-1267",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1267"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html"
          },
          {
            "name": "24788",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24788"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html"
          },
          {
            "name": "oval:org.mitre.oval:def:5463",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5463"
          },
          {
            "name": "35268",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/35268"
          },
          {
            "name": "23323",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23323"
          },
          {
            "name": "2524",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2524"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1017875",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017875"
        },
        {
          "name": "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded"
        },
        {
          "name": "ADV-2007-1267",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1267"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html"
        },
        {
          "name": "24788",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24788"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html"
        },
        {
          "name": "oval:org.mitre.oval:def:5463",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5463"
        },
        {
          "name": "35268",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/35268"
        },
        {
          "name": "23323",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23323"
        },
        {
          "name": "2524",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2524"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1270",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1017875",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017875"
            },
            {
              "name": "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded"
            },
            {
              "name": "ADV-2007-1267",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1267"
            },
            {
              "name": "http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html"
            },
            {
              "name": "24788",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24788"
            },
            {
              "name": "http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html"
            },
            {
              "name": "oval:org.mitre.oval:def:5463",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5463"
            },
            {
              "name": "35268",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/35268"
            },
            {
              "name": "23323",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23323"
            },
            {
              "name": "2524",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2524"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1270",
    "datePublished": "2007-04-06T00:00:00",
    "dateReserved": "2007-03-04T00:00:00",
    "dateUpdated": "2024-08-07T12:50:35.200Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:esx_server:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3BE184CF-CD55-4F32-9294-A680A4DD3870\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"974D84A6-F5AB-4F0A-B9B5-9095A0E4733C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C3613B7-CA1B-4C9A-9076-A2894202DDA4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de doble liberaci\\u00f3n en el VMware ESX Server 3.0.0 y 3.0.1 permite a los atacantes provocar una denegaci\\u00f3n de servicio      (ca\\u00edda), obtener informaci\\u00f3n sensible o, posiblemente, ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de vectores sin especificar.\"}]",
      "id": "CVE-2007-1270",
      "lastModified": "2024-11-21T00:27:55.583",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-04-06T00:19:00.000",
      "references": "[{\"url\": \"http://osvdb.org/35268\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/24788\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/2524\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/464745/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/23323\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1017875\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1267\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5463\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/35268\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/24788\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/2524\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/464745/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/23323\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1017875\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1267\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5463\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-189\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-1270\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-04-06T00:19:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de doble liberaci\u00f3n en el VMware ESX Server 3.0.0 y 3.0.1 permite a los atacantes provocar una denegaci\u00f3n de servicio      (ca\u00edda), obtener informaci\u00f3n sensible o, posiblemente, ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores sin especificar.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esx_server:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BE184CF-CD55-4F32-9294-A680A4DD3870\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"974D84A6-F5AB-4F0A-B9B5-9095A0E4733C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C3613B7-CA1B-4C9A-9076-A2894202DDA4\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/35268\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24788\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/2524\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/464745/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/23323\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1017875\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1267\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5463\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/35268\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24788\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/2524\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/464745/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/23323\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1017875\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1267\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5463\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2007-1270

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-1270

Aliases

CVE-2007-1270

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-1270",
    "description": "Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.",
    "id": "GSD-2007-1270"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-1270"
      ],
      "details": "Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.",
      "id": "GSD-2007-1270",
      "modified": "2023-12-13T01:21:39.515657Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-1270",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1017875",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1017875"
          },
          {
            "name": "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded"
          },
          {
            "name": "ADV-2007-1267",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1267"
          },
          {
            "name": "http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html"
          },
          {
            "name": "24788",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24788"
          },
          {
            "name": "http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html"
          },
          {
            "name": "oval:org.mitre.oval:def:5463",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5463"
          },
          {
            "name": "35268",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/35268"
          },
          {
            "name": "23323",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/23323"
          },
          {
            "name": "2524",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/2524"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:esx_server:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1270"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html"
            },
            {
              "name": "http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html"
            },
            {
              "name": "24788",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/24788"
            },
            {
              "name": "23323",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/23323"
            },
            {
              "name": "1017875",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1017875"
            },
            {
              "name": "2524",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/2524"
            },
            {
              "name": "35268",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/35268"
            },
            {
              "name": "ADV-2007-1267",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/1267"
            },
            {
              "name": "oval:org.mitre.oval:def:5463",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5463"
            },
            {
              "name": "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:26Z",
      "publishedDate": "2007-04-06T00:19Z"
    }
  }
}

CERTA-2007-AVI-223

Vulnerability from certfr_avis - Published: - Updated:

Trois vulnérabilités ont été identifiées dans les pilotes Linux MadWifi utilisés pour certaines interfaces d'accès aux réseaux sans-fil. Deux d'entre elles sont exploitables à distance, par l'émission de trames sans-fil spécialement construites. Les conséquences peuvent être un dysfonctionnement de la fonctionnalité sans-fil ou l'exécution de code arbitraire sur le système vulnérable.

Description

Trois vulnérabilités ont été identifiées dans les pilotes Linux MadWifi, utilisés pour certaines interfaces d'accès aux résea ux sans-fil utilisant une puce atheros :

la fonction ath_beacon_config() pourrait effectuer une division par zéro pour le calcul de la macro howmany, sans vérifier la valeur du dénominateur intval. Cette vulnérabilité pourrait être exploitée à distance, par une trame Wi-Fi spécialement construite, afin de perturber le système.
la fonction ieee_80211_ioctl_getwmmparams ne contrôlerait pas correctement un index de tableau. Cette vulnérabilité peut être exploitée par un utilisateur local et ayant des droits limités, afin d'élever ses privilèges ou d'accéder à certaines données de la mémoire.
les paquets de type Fast Frame (méthode de compression de données, pouvant s'utiliser avec le standard 802.11e associé à la qualité de service) ne sont pas correctement contrôlés. Leur longueur n'est pas vérifiée, et l'interprétation d'un paquet spécialement construit pourrait ainsi rendre le système indisponible.

Solution

Se référer aux tickets de sécurité du projet MadWifi pour l'obtention des correctifs (cf. section Documentation).

MadWiFi, pour les versions antérieures à 0.9.3.1.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Tickets de sécurité du site MadWiFi 1270, 1334 et 1335	None	vendor-advisory
Ticket de sécurité 1335 du projet MadWifi :	-	other
Ticket de sécurité 1270 du projet MadWifi :	-	other
Site du projet MadWifi :	-	other
Ticket de sécurité 1334 du projet MadWifi :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eMadWiFi, pour les versions ant\u00e9rieures \u00e0 0.9.3.1.\u003c/P\u003e",
  "content": "## Description\n\nTrois vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les pilotes Linux MadWifi,\nutilis\u00e9s pour certaines interfaces d\u0027acc\u00e8s aux r\u00e9sea ux sans-fil\nutilisant une puce atheros :\n\n1.  la fonction ath_beacon_config() pourrait effectuer une division par\n    z\u00e9ro pour le calcul de la macro howmany, sans v\u00e9rifier la valeur du\n    d\u00e9nominateur intval. Cette vuln\u00e9rabilit\u00e9 pourrait \u00eatre exploit\u00e9e \u00e0\n    distance, par une trame Wi-Fi sp\u00e9cialement construite, afin de\n    perturber le syst\u00e8me.\n2.  la fonction ieee_80211_ioctl_getwmmparams ne contr\u00f4lerait pas\n    correctement un index de tableau. Cette vuln\u00e9rabilit\u00e9 peut \u00eatre\n    exploit\u00e9e par un utilisateur local et ayant des droits limit\u00e9s, afin\n    d\u0027\u00e9lever ses privil\u00e8ges ou d\u0027acc\u00e9der \u00e0 certaines donn\u00e9es de la\n    m\u00e9moire.\n3.  les paquets de type Fast Frame (m\u00e9thode de compression de donn\u00e9es,\n    pouvant s\u0027utiliser avec le standard 802.11e associ\u00e9 \u00e0 la qualit\u00e9 de\n    service) ne sont pas correctement contr\u00f4l\u00e9s. Leur longueur n\u0027est pas\n    v\u00e9rifi\u00e9e, et l\u0027interpr\u00e9tation d\u0027un paquet sp\u00e9cialement construit\n    pourrait ainsi rendre le syst\u00e8me indisponible.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux tickets de s\u00e9curit\u00e9 du projet MadWifi pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1335"
    },
    {
      "name": "CVE-2007-1334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1334"
    },
    {
      "name": "CVE-2007-1270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1270"
    }
  ],
  "links": [
    {
      "title": "Ticket de s\u00e9curit\u00e9 1335 du projet MadWifi :",
      "url": "http://madwifi.org/ticket/1335"
    },
    {
      "title": "Ticket de s\u00e9curit\u00e9 1270 du projet MadWifi :",
      "url": "http://madwifi.org/ticket/1270"
    },
    {
      "title": "Site du projet MadWifi :",
      "url": "http://madwifi.org"
    },
    {
      "title": "Ticket de s\u00e9curit\u00e9 1334 du projet MadWifi :",
      "url": "http://madwifi.org/ticket/1334"
    }
  ],
  "reference": "CERTA-2007-AVI-223",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-05-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Trois vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les pilotes Linux MadWifi\nutilis\u00e9s pour certaines interfaces d\u0027acc\u00e8s aux r\u00e9seaux sans-fil. Deux\nd\u0027entre elles sont exploitables \u00e0 distance, par l\u0027\u00e9mission de trames\nsans-fil sp\u00e9cialement construites. Les cons\u00e9quences peuvent \u00eatre un\ndysfonctionnement de la fonctionnalit\u00e9 sans-fil ou l\u0027ex\u00e9cution de code\narbitraire sur le syst\u00e8me vuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans les pilotes sans-fil MadWifi",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Tickets de s\u00e9curit\u00e9 du site MadWiFi 1270, 1334 et 1335",
      "url": null
    }
  ]
}

CERTA-2007-AVI-223

Vulnerability from certfr_avis - Published: - Updated:

Description

Trois vulnérabilités ont été identifiées dans les pilotes Linux MadWifi, utilisés pour certaines interfaces d'accès aux résea ux sans-fil utilisant une puce atheros :

la fonction ath_beacon_config() pourrait effectuer une division par zéro pour le calcul de la macro howmany, sans vérifier la valeur du dénominateur intval. Cette vulnérabilité pourrait être exploitée à distance, par une trame Wi-Fi spécialement construite, afin de perturber le système.
la fonction ieee_80211_ioctl_getwmmparams ne contrôlerait pas correctement un index de tableau. Cette vulnérabilité peut être exploitée par un utilisateur local et ayant des droits limités, afin d'élever ses privilèges ou d'accéder à certaines données de la mémoire.
les paquets de type Fast Frame (méthode de compression de données, pouvant s'utiliser avec le standard 802.11e associé à la qualité de service) ne sont pas correctement contrôlés. Leur longueur n'est pas vérifiée, et l'interprétation d'un paquet spécialement construit pourrait ainsi rendre le système indisponible.

Solution

Se référer aux tickets de sécurité du projet MadWifi pour l'obtention des correctifs (cf. section Documentation).

MadWiFi, pour les versions antérieures à 0.9.3.1.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Tickets de sécurité du site MadWiFi 1270, 1334 et 1335	None	vendor-advisory
Ticket de sécurité 1335 du projet MadWifi :	-	other
Ticket de sécurité 1270 du projet MadWifi :	-	other
Site du projet MadWifi :	-	other
Ticket de sécurité 1334 du projet MadWifi :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eMadWiFi, pour les versions ant\u00e9rieures \u00e0 0.9.3.1.\u003c/P\u003e",
  "content": "## Description\n\nTrois vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les pilotes Linux MadWifi,\nutilis\u00e9s pour certaines interfaces d\u0027acc\u00e8s aux r\u00e9sea ux sans-fil\nutilisant une puce atheros :\n\n1.  la fonction ath_beacon_config() pourrait effectuer une division par\n    z\u00e9ro pour le calcul de la macro howmany, sans v\u00e9rifier la valeur du\n    d\u00e9nominateur intval. Cette vuln\u00e9rabilit\u00e9 pourrait \u00eatre exploit\u00e9e \u00e0\n    distance, par une trame Wi-Fi sp\u00e9cialement construite, afin de\n    perturber le syst\u00e8me.\n2.  la fonction ieee_80211_ioctl_getwmmparams ne contr\u00f4lerait pas\n    correctement un index de tableau. Cette vuln\u00e9rabilit\u00e9 peut \u00eatre\n    exploit\u00e9e par un utilisateur local et ayant des droits limit\u00e9s, afin\n    d\u0027\u00e9lever ses privil\u00e8ges ou d\u0027acc\u00e9der \u00e0 certaines donn\u00e9es de la\n    m\u00e9moire.\n3.  les paquets de type Fast Frame (m\u00e9thode de compression de donn\u00e9es,\n    pouvant s\u0027utiliser avec le standard 802.11e associ\u00e9 \u00e0 la qualit\u00e9 de\n    service) ne sont pas correctement contr\u00f4l\u00e9s. Leur longueur n\u0027est pas\n    v\u00e9rifi\u00e9e, et l\u0027interpr\u00e9tation d\u0027un paquet sp\u00e9cialement construit\n    pourrait ainsi rendre le syst\u00e8me indisponible.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux tickets de s\u00e9curit\u00e9 du projet MadWifi pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1335"
    },
    {
      "name": "CVE-2007-1334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1334"
    },
    {
      "name": "CVE-2007-1270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1270"
    }
  ],
  "links": [
    {
      "title": "Ticket de s\u00e9curit\u00e9 1335 du projet MadWifi :",
      "url": "http://madwifi.org/ticket/1335"
    },
    {
      "title": "Ticket de s\u00e9curit\u00e9 1270 du projet MadWifi :",
      "url": "http://madwifi.org/ticket/1270"
    },
    {
      "title": "Site du projet MadWifi :",
      "url": "http://madwifi.org"
    },
    {
      "title": "Ticket de s\u00e9curit\u00e9 1334 du projet MadWifi :",
      "url": "http://madwifi.org/ticket/1334"
    }
  ],
  "reference": "CERTA-2007-AVI-223",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-05-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Trois vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les pilotes Linux MadWifi\nutilis\u00e9s pour certaines interfaces d\u0027acc\u00e8s aux r\u00e9seaux sans-fil. Deux\nd\u0027entre elles sont exploitables \u00e0 distance, par l\u0027\u00e9mission de trames\nsans-fil sp\u00e9cialement construites. Les cons\u00e9quences peuvent \u00eatre un\ndysfonctionnement de la fonctionnalit\u00e9 sans-fil ou l\u0027ex\u00e9cution de code\narbitraire sur le syst\u00e8me vuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans les pilotes sans-fil MadWifi",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Tickets de s\u00e9curit\u00e9 du site MadWiFi 1270, 1334 et 1335",
      "url": null
    }
  ]
}

GHSA-48H8-WF9X-QV92

Vulnerability from github – Published: 2022-05-01 17:52 – Updated: 2022-05-01 17:52

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-1270"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-04-06T00:19:00Z",
    "severity": "MODERATE"
  },
  "details": "Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.",
  "id": "GHSA-48h8-wf9x-qv92",
  "modified": "2022-05-01T17:52:03Z",
  "published": "2022-05-01T17:52:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1270"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5463"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/35268"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24788"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/2524"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23323"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1017875"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1267"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-1270

Vulnerability from fkie_nvd - Published: 2007-04-06 00:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/35268
cve@mitre.org	http://secunia.com/advisories/24788	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/2524
cve@mitre.org	http://www.securityfocus.com/archive/1/464745/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/23323
cve@mitre.org	http://www.securitytracker.com/id?1017875
cve@mitre.org	http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html
cve@mitre.org	http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1267
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5463
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/35268
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24788	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/2524
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/464745/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23323
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1017875
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1267
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5463

Impacted products

Vendor	Product	Version
vmware	esx_server	3.0
vmware	esx	3.0.0
vmware	esx	3.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:esx_server:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE184CF-CD55-4F32-9294-A680A4DD3870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "974D84A6-F5AB-4F0A-B9B5-9095A0E4733C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C3613B7-CA1B-4C9A-9076-A2894202DDA4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de doble liberaci\u00f3n en el VMware ESX Server 3.0.0 y 3.0.1 permite a los atacantes provocar una denegaci\u00f3n de servicio      (ca\u00edda), obtener informaci\u00f3n sensible o, posiblemente, ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
    }
  ],
  "id": "CVE-2007-1270",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-04-06T00:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/35268"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24788"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2524"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/23323"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017875"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1267"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/35268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24788"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017875"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5463"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-1270 (GCVE-0-2007-1270)

GSD-2007-1270

CERTA-2007-AVI-223

Description

Solution

CERTA-2007-AVI-223

Description

Solution

GHSA-48H8-WF9X-QV92

FKIE_CVE-2007-1270

Tags

Sightings

Nomenclature