CVE-2007-4609

eyeOS uses predictable checksum values in the checknum parameter for access control, which allows remote attackers to register many accounts via doCreateUser actions, add many eyeBoard messages via addMsg actions, and cause a denial of service or conduct certain unauthorized activities, by guessing valid parameter values.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/45836
http://securityreason.com/securityalert/3081
http://www.securityfocus.com/archive/1/477866/100/0/threaded
http://osvdb.org/45836
http://securityreason.com/securityalert/3081
http://www.securityfocus.com/archive/1/477866/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:o:eyeos_project:eyeos:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:36

Type	Values Removed	Values Added
References	~~() http://osvdb.org/45836 -~~	() http://osvdb.org/45836 -
References	~~() http://securityreason.com/securityalert/3081 -~~	() http://securityreason.com/securityalert/3081 -
References	~~() http://www.securityfocus.com/archive/1/477866/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/477866/100/0/threaded -

Information

Published : 2007-08-31 00:17

Updated : 2024-11-21 00:36

NVD link : CVE-2007-4609

Mitre link : CVE-2007-4609

CVE.ORG link : CVE-2007-4609

JSON object : View

Products Affected

eyeos_project

eyeos

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2007-4609", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-08-31T00:17:00.000", "references": [{"url": "http://osvdb.org/45836", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3081", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/477866/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/45836", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/3081", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/477866/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "eyeOS uses predictable checksum values in the checknum parameter for access control, which allows remote attackers to register many accounts via doCreateUser actions, add many eyeBoard messages via addMsg actions, and cause a denial of service or conduct certain unauthorized activities, by guessing valid parameter values."}, {"lang": "es", "value": "El eyeOS utiliza valores de checksum predecibles en el par\u00e1metro checksum para el control de acceso, lo que permite a atacantes remotos registrar m\u00faltiples cuentas a trav\u00e9s de acciones doCreateUser, a\u00f1adir m\u00faltiples mensajes eyeBoard a trav\u00e9s de acciones addMsg y provocar una denegaci\u00f3n de servicio o llevar a cabo ciertas actividades no autorizadas, adivinando valores de par\u00e1metros v\u00e1lidos."}], "lastModified": "2024-11-21T00:36:00.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eyeos_project:eyeos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B91A5AC-C5FB-4F76-BEF1-6C537C894CF9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}