CVE-2007-1654

Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7ssh_sftp.cpp in NetSieben SSH Library (ne7ssh) before 1.2.1 allows user-assisted remote SFTP servers to cause a denial of service (crash) or possibly execute arbitrary code via multiple file transfers, related to multiple open file handles in SFTP (1) put and (2) get operations.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://netsieben.com/files/CHANGELOG	URL Repurposed
http://osvdb.org/43555
https://exchange.xforce.ibmcloud.com/vulnerabilities/33504
http://netsieben.com/files/CHANGELOG	URL Repurposed
http://osvdb.org/43555
https://exchange.xforce.ibmcloud.com/vulnerabilities/33504

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:netsieben:netsieben_ssh_library:1.1:::::::*
	cpe:2.3:a:netsieben:netsieben_ssh_library:1.1.5:::::::*
	cpe:2.3:a:netsieben:netsieben_ssh_library:1.1.6:::::::*
	cpe:2.3:a:netsieben:netsieben_ssh_library:1.2.0:::::::*
	cpe:2.3:a:netsieben:netsieben_ssh_library:1.03:::::::*

History

21 Nov 2024, 00:28

Type	Values Removed	Values Added
References	~~() http://netsieben.com/files/CHANGELOG - URL Repurposed~~	() http://netsieben.com/files/CHANGELOG - URL Repurposed
References	~~() http://osvdb.org/43555 -~~	() http://osvdb.org/43555 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/33504 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/33504 -

14 Feb 2024, 01:17

Type	Values Removed	Values Added
References	~~() http://netsieben.com/files/CHANGELOG -~~	() http://netsieben.com/files/CHANGELOG - URL Repurposed

Information

Published : 2007-03-24 00:19

Updated : 2025-04-09 00:30

NVD link : CVE-2007-1654

Mitre link : CVE-2007-1654

CVE.ORG link : CVE-2007-1654

JSON object : View

Products Affected

netsieben

netsieben_ssh_library

CWE

NVD-CWE-Other

{"id": "CVE-2007-1654", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-03-24T00:19:00.000", "references": [{"url": "http://netsieben.com/files/CHANGELOG", "tags": ["URL Repurposed"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/43555", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33504", "source": "cve@mitre.org"}, {"url": "http://netsieben.com/files/CHANGELOG", "tags": ["URL Repurposed"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/43555", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33504", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7ssh_sftp.cpp in NetSieben SSH Library (ne7ssh) before 1.2.1 allows user-assisted remote SFTP servers to cause a denial of service (crash) or possibly execute arbitrary code via multiple file transfers, related to multiple open file handles in SFTP (1) put and (2) get operations."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en la funci\u00f3n Ne7sshSftp::addOpenHandle en ne7ssh_sftp.cpp en NetSieben SSH Library (ne7ssh) anterior a 1.2.1 permite a atacantes con la intervenci\u00f3n del usuario provocar denegaci\u00f3n de servicio(caida) en servidores SFTP o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de m\u00faltiples transferencias de archivo, relacionado con m\u00faltiples manejadores de apertura de fichero en SFTP con operaciones (1)put y (2)get.\r\n"}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netsieben:netsieben_ssh_library:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C6BCC86-7837-4E95-B3B5-B3058DEE4057"}, {"criteria": "cpe:2.3:a:netsieben:netsieben_ssh_library:1.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17A4A775-0DB1-433E-BBC4-0F7469E381E1"}, {"criteria": "cpe:2.3:a:netsieben:netsieben_ssh_library:1.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8E4498D-4E53-4C42-BC27-1E573885F3DD"}, {"criteria": "cpe:2.3:a:netsieben:netsieben_ssh_library:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EE23DC1-8FCA-4887-A31B-9C55F2416206"}, {"criteria": "cpe:2.3:a:netsieben:netsieben_ssh_library:1.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E141DD64-ED8A-4B2F-BA89-EDE952F4095B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}