CVE-2007-6625

The Platform Service Process (asampsp) in Fan-Out Driver Platform Services for Novell Identity Manager (IDM) 3.5.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified network traffic that triggers a syslog message containing invalid format string specifiers, as demonstrated by a Nessus scan.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/40104
http://secunia.com/advisories/28237	Patch Vendor Advisory
http://securitytracker.com/id?1019144	Patch
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5007560.html	Patch
http://www.securityfocus.com/bid/27028
http://www.vupen.com/english/advisories/2007/4311
https://exchange.xforce.ibmcloud.com/vulnerabilities/39206

Configurations

Configuration 1 (hide)

cpe:2.3:a:novell:identity_manager:3.5.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-01-04 00:46

Updated : 2017-08-08 01:29

NVD link : CVE-2007-6625

Mitre link : CVE-2007-6625

CVE.ORG link : CVE-2007-6625

JSON object : View

Products Affected

novell

identity_manager

CWE

CWE-134

Use of Externally-Controlled Format String

{"id": "CVE-2007-6625", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-01-04T00:46:00.000", "references": [{"url": "http://osvdb.org/40104", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28237", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1019144", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5007560.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27028", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/4311", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39206", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-134"}]}], "descriptions": [{"lang": "en", "value": "The Platform Service Process (asampsp) in Fan-Out Driver Platform Services for Novell Identity Manager (IDM) 3.5.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified network traffic that triggers a syslog message containing invalid format string specifiers, as demonstrated by a Nessus scan."}, {"lang": "es", "value": "El Platform Service Process (asampsp) de Fan-Out Driver Platform Services para Novell Identity Manager (IDM) 3.5.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de demonio) mediante tr\u00e1fico de red no especificado que dispara un mensaje de syslog conteniendo especificadores de formato de cadena inv\u00e1lidos, como se demuestra con un an\u00e1lisis Nessus."}], "lastModified": "2017-08-08T01:29:16.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:novell:identity_manager:3.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "681283D5-0BF4-4E47-BC4A-E6B95C0A71AE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}