CVE-2007-1770

Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests.
References
Link Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507 Broken Link
http://secunia.com/advisories/24639 Broken Link
http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260 Vendor Advisory
http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261 Vendor Advisory
http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262 Vendor Advisory
http://www.securityfocus.com/bid/23175 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1017874 Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2007/1140 Broken Link Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33282 Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/33457 Third Party Advisory VDB Entry
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507 Broken Link
http://secunia.com/advisories/24639 Broken Link
http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260 Vendor Advisory
http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261 Vendor Advisory
http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262 Vendor Advisory
http://www.securityfocus.com/bid/23175 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1017874 Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2007/1140 Broken Link Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33282 Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/33457 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:esri:arcsde:8.3:-:*:*:*:*:*:*
cpe:2.3:a:esri:arcsde:8.3:sp1:*:*:*:*:*:*
cpe:2.3:a:esri:arcsde:9.0:-:*:*:*:*:*:*
cpe:2.3:a:esri:arcsde:9.0:sp1:*:*:*:*:*:*
cpe:2.3:a:esri:arcsde:9.0:sp2:*:*:*:*:*:*
cpe:2.3:a:esri:arcsde:9.1:-:*:*:*:*:*:*
cpe:2.3:a:esri:arcsde:9.1:sp1:*:*:*:*:*:*
cpe:2.3:a:esri:arcsde:9.1:sp2:*:*:*:*:*:*

History

21 Nov 2024, 00:29

Type Values Removed Values Added
References () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507 - Broken Link () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507 - Broken Link
References () http://secunia.com/advisories/24639 - Broken Link () http://secunia.com/advisories/24639 - Broken Link
References () http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260 - Vendor Advisory () http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260 - Vendor Advisory
References () http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261 - Vendor Advisory () http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261 - Vendor Advisory
References () http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262 - Vendor Advisory () http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262 - Vendor Advisory
References () http://www.securityfocus.com/bid/23175 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/23175 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1017874 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1017874 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.vupen.com/english/advisories/2007/1140 - Broken Link, Third Party Advisory () http://www.vupen.com/english/advisories/2007/1140 - Broken Link, Third Party Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/33282 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/33282 - Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/33457 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/33457 - Third Party Advisory, VDB Entry

11 Jul 2024, 18:04

Type Values Removed Values Added
CWE NVD-CWE-Other CWE-120
CPE cpe:2.3:a:esri:arcgis:*:*:sp1:*:*:*:*:* cpe:2.3:a:esri:arcsde:9.1:sp1:*:*:*:*:*:*
cpe:2.3:a:esri:arcsde:9.0:sp1:*:*:*:*:*:*
cpe:2.3:a:esri:arcsde:9.0:sp2:*:*:*:*:*:*
cpe:2.3:a:esri:arcsde:9.1:sp2:*:*:*:*:*:*
cpe:2.3:a:esri:arcsde:8.3:-:*:*:*:*:*:*
cpe:2.3:a:esri:arcsde:9.1:-:*:*:*:*:*:*
cpe:2.3:a:esri:arcsde:9.0:-:*:*:*:*:*:*
cpe:2.3:a:esri:arcsde:8.3:sp1:*:*:*:*:*:*
First Time Esri arcsde
References () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507 - () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507 - Broken Link
References () http://secunia.com/advisories/24639 - Vendor Advisory () http://secunia.com/advisories/24639 - Broken Link
References () http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260 - () http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260 - Vendor Advisory
References () http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261 - () http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261 - Vendor Advisory
References () http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262 - () http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262 - Vendor Advisory
References () http://www.securityfocus.com/bid/23175 - () http://www.securityfocus.com/bid/23175 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1017874 - () http://www.securitytracker.com/id?1017874 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.vupen.com/english/advisories/2007/1140 - () http://www.vupen.com/english/advisories/2007/1140 - Broken Link, Third Party Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/33282 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/33282 - Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/33457 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/33457 - Third Party Advisory, VDB Entry

Information

Published : 2007-03-30 01:19

Updated : 2024-11-21 00:29


NVD link : CVE-2007-1770

Mitre link : CVE-2007-1770

CVE.ORG link : CVE-2007-1770


JSON object : View

Products Affected

esri

  • arcsde
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')