CVE-2007-5933

Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to cause a denial of service (crash) by triggering a delete operation while the Session object is still being used, as demonstrated by causing a "Broken pipe" error.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449541
http://bugs.gentoo.org/show_bug.cgi?id=198807
http://secunia.com/advisories/27522	Vendor Advisory
http://secunia.com/advisories/27646	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200711-20.xml
http://securitytracker.com/id?1019024
http://sourceforge.net/tracker/index.php?func=detail&aid=1791176&group_id=5095&atid=305095	Patch
http://www.securityfocus.com/bid/26391

Configurations

Configuration 1 (hide)

cpe:2.3:a:pioneers:pioneers:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-11-13 20:46

Updated : 2024-02-04 17:13

NVD link : CVE-2007-5933

Mitre link : CVE-2007-5933

CVE.ORG link : CVE-2007-5933

JSON object : View

Products Affected

pioneers

pioneers

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2007-5933", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-11-13T20:46:00.000", "references": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449541", "source": "cve@mitre.org"}, {"url": "http://bugs.gentoo.org/show_bug.cgi?id=198807", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27522", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27646", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200711-20.xml", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1019024", "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1791176&group_id=5095&atid=305095", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/26391", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to cause a denial of service (crash) by triggering a delete operation while the Session object is still being used, as demonstrated by causing a \"Broken pipe\" error."}, {"lang": "es", "value": "Pioneers (anteriormente gnocatan) versiones anteriores a 0.11.3, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) mediante la activaci\u00f3n de una operaci\u00f3n de borrado mientras el objeto Session se sigue usando, como es demostrado causando un error de \"Broken pipe\"."}], "lastModified": "2011-08-10T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pioneers:pioneers:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A283224-7E19-4A35-AFEC-C10FAE844928", "versionEndIncluding": "0.11.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}