CVE-2007-5242

Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an "oversize" packet, which is not properly discarded if "the device has no remaining buffers after receipt of the first buffer segment."

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://mail.openvms.org:8100/Lists/alerts/Message/582.html	Patch
http://mail.openvms.org:8100/Lists/alerts/Message/583.html	Patch
http://osvdb.org/37812
http://osvdb.org/37813
http://secunia.com/advisories/27084	Patch Vendor Advisory
http://www.securityfocus.com/bid/25939	Patch
http://www.vupen.com/english/advisories/2007/3382

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:hp:openvms:::alpha:::::*
	cpe:2.3:o:hp:openvms:::integrity:::::*

History

No history.

Information

Published : 2007-10-06 16:17

Updated : 2011-03-08 03:00

NVD link : CVE-2007-5242

Mitre link : CVE-2007-5242

CVE.ORG link : CVE-2007-5242

JSON object : View

Products Affected

hp

openvms

CWE

NVD-CWE-Other

{"id": "CVE-2007-5242", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-10-06T16:17:00.000", "references": [{"url": "http://mail.openvms.org:8100/Lists/alerts/Message/582.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://mail.openvms.org:8100/Lists/alerts/Message/583.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/37812", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/37813", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27084", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25939", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/3382", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an \"oversize\" packet, which is not properly discarded if \"the device has no remaining buffers after receipt of the first buffer segment.\""}, {"lang": "es", "value": "Vulnerabilidad no especificada en (1) SYS$EI1000.EXE y (2) SYS$EI1000_MON.EXE en HP OpenVMS 8.3 y anteriores permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida de maquina) a trav\u00e9s de un paquete \"sobredimensionado\", el cual no es descartado adecuadamente si \"el dispositivo no tiene b\u00fafers restantes despu\u00e9s de recibir el primer segmento de b\u00fafer\"."}], "lastModified": "2011-03-08T03:00:22.157", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:openvms:*:*:alpha:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B52F550-E41B-4719-87BA-6390CB405066", "versionEndIncluding": "8.3"}, {"criteria": "cpe:2.3:o:hp:openvms:*:*:integrity:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BEF6245-473B-4C57-8C76-0D0383774565", "versionEndIncluding": "8.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}