Vulnerability CVE-2007-0157

Vulnerability Name:

CVE-2007-0157 (CCN-31412)

Assigned:

2006-01-07

Published:

2006-01-07

Updated:

2011-03-08

Summary:

Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Denial of Service

References:

Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723;msg=5;att=2

Source: CCN
Type: Debian Bug report logs - #404723
src/ne_uri.c:ne_uri_parse():179 (uri_lookup(x) macro) - SIGSERV when parsing a non-ASCII character (>128)

Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723

Source: MITRE
Type: CNA
CVE-2007-0157

Source: MLIST
Type: UNKNOWN
[cadaver] 20070123 release 0.22.5

Source: CCN
Type: neon Mailing List, Sun Jan 7 20:06:58 PST 2007
[neon] invalid chars cause sigserv in neon

Source: MLIST
Type: UNKNOWN
[neon] 20070107 invalid chars cause sigserv in neon

Source: OSVDB
Type: UNKNOWN
39247

Source: CCN
Type: SA23751
neon "ne_uri_parse()" Denial of Service

Source: SECUNIA
Type: UNKNOWN
23751

Source: SECUNIA
Type: UNKNOWN
23763

Source: CCN
Type: SA23984
SUSE Update for Multiple Packages

Source: SECUNIA
Type: UNKNOWN
23984

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:013

Source: SUSE
Type: UNKNOWN
SUSE-SR:2007:002

Source: CCN
Type: OSVDB ID: 39247
neon URI Parser uri_lookup Function Non-ASCII Character Overflow

Source: BID
Type: UNKNOWN
22035

Source: CCN
Type: BID-22035
Neon LibNeon Non-Ascii Character URI Data Denial Of Service Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2007-0172

Source: VUPEN
Type: UNKNOWN
ADV-2007-0362

Source: CONFIRM
Type: UNKNOWN
http://www.webdav.org/cadaver/

Source: XF
Type: UNKNOWN
neon-urilookup-dos(31412)

Source: SUSE
Type: SUSE-SR:2007:002
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:neon:neon:0.26.0:*:*:*:*:*:*:*

OR cpe:/a:neon:neon:0.26.1:*:*:*:*:*:*:*

OR cpe:/a:neon:neon:0.26.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20070157	V	CVE-2007-0157	2022-06-30
oval:org.opensuse.security:def:42365	P	Security update for mozilla-nss (Important)	2022-04-11
oval:org.opensuse.security:def:112719	P	libneon-devel-0.31.2-2.6 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:26220	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:26226	P	Security update for openexr (Important)	2022-01-12
oval:org.opensuse.security:def:31754	P	Security update for libsndfile (Important)	2022-01-05
oval:org.opensuse.security:def:31370	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:26187	P	Security update for libvpx (Moderate)	2021-12-23
oval:org.opensuse.security:def:26177	P	Security update for webkit2gtk3 (Important)	2021-12-01
oval:org.opensuse.security:def:31308	P	Security update for postgresql96 (Important)	2021-11-22
oval:org.opensuse.security:def:32201	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:106192	P	libneon-devel-0.31.2-2.6 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:26138	P	Security update for python-urllib3 (Moderate)	2021-09-29
oval:org.opensuse.security:def:31278	P	Security update for xen (Important)	2021-09-23
oval:org.opensuse.security:def:31680	P	Security update for transfig (Moderate)	2021-09-16
oval:org.opensuse.security:def:31676	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:32179	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:31670	P	Security update for python-PyYAML (Important)	2021-08-24
oval:org.opensuse.security:def:31669	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:31668	P	Security update for java-1_8_0-openjdk (Important)	2021-08-20
oval:org.opensuse.security:def:31234	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-07-27
oval:org.opensuse.security:def:26093	P	Security update for dbus-1 (Important)	2021-07-21
oval:org.opensuse.security:def:31223	P	Security update for systemd (Important)	2021-07-21
oval:org.opensuse.security:def:26092	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:32140	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:26085	P	Security update for arpwatch (Important)	2021-06-28
oval:org.opensuse.security:def:26081	P	Security update for libgcrypt (Important)	2021-06-24
oval:org.opensuse.security:def:32122	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:31643	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:36467	P	libneon-devel-0.29.6-6.7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42609	P	libneon27-0.29.6-6.7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36202	P	libneon27-0.29.6-6.7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32922	P	Security update for curl (Moderate)	2021-05-26
oval:org.opensuse.security:def:32091	P	Security update for python3 (Important)	2021-05-17
oval:org.opensuse.security:def:26036	P	Security update for MozillaFirefox (Important)	2021-04-27
oval:org.opensuse.security:def:26028	P	Security update for xorg-x11-server (Important)	2021-04-13
oval:org.opensuse.security:def:31146	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:42162	P	Security update for python3 (Moderate)	2021-03-24
oval:org.opensuse.security:def:32278	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:31735	P	Security update for perl-XML-Twig (Moderate)	2021-03-01
oval:org.opensuse.security:def:31726	P	Security update for the Linux Kernel (Important)	2021-02-12
oval:org.opensuse.security:def:32245	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:31222	P	Security update for MozillaFirefox (Important)	2021-01-29
oval:org.opensuse.security:def:26037	P	Security update for the Linux Kernel (Important)	2021-01-15
oval:org.opensuse.security:def:25984	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:35755	P	libneon27-0.29.6-6.7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:41999	P	libneon27-0.28.3-2.12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35958	P	libneon27-0.29.6-6.7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35592	P	libneon27-0.28.3-2.12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25520	P	Security update for krb5-appl (Important)	2020-12-01
oval:org.opensuse.security:def:31978	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26017	P	Security update for gnome-shell (Low)	2020-12-01
oval:org.opensuse.security:def:25590	P	Security update for dovecot22 (Important)	2020-12-01
oval:org.opensuse.security:def:31832	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:26483	P	Security update for chromium (Moderate)	2020-12-01
oval:org.opensuse.security:def:33165	P	libneon27 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25955	P	Security update for gstreamer-0_10-plugins-bad (Moderate)	2020-12-01
oval:org.opensuse.security:def:31814	P	Security update for apache2-mod_nss (Moderate)	2020-12-01
oval:org.opensuse.security:def:26754	P	libneon27 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25731	P	Security update for memcached (Moderate)	2020-12-01
oval:org.opensuse.security:def:27165	P	krb5-plugin-kdb-ldap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25822	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:31880	P	Security update for dhcpcd (Important)	2020-12-01
oval:org.opensuse.security:def:25306	P	Security update for squid (Critical)	2020-12-01
oval:org.opensuse.security:def:26328	P	used on wotan :) (Low)	2020-12-01
oval:org.opensuse.security:def:25875	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32557	P	libneon27 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25751	P	Security update for libssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:31514	P	Security update for quagga (Moderate)	2020-12-01
oval:org.opensuse.security:def:32883	P	ibutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25381	P	Security update for java-1_8_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:31792	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26695	P	fetchmail on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26557	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25763	P	Security Update for Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25485	P	Security update for cups (Important)	2020-12-01
oval:org.opensuse.security:def:31888	P	Security update for evince (Moderate)	2020-12-01
oval:org.opensuse.security:def:26284	P	Security update for taglib (Low)	2020-12-01
oval:org.opensuse.security:def:31061	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25793	P	Security update for icedtea-web (Moderate)	2020-12-01
oval:org.opensuse.security:def:26748	P	libgnomesu on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31425	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:25720	P	Security update for tomcat (Important)	2020-12-01
oval:org.opensuse.security:def:31976	P	Security update for jasper (Moderate)	2020-12-01
oval:org.opensuse.security:def:26957	P	libneon27 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25143	P	Security update for soundtouch (Moderate)	2020-12-01
oval:org.opensuse.security:def:25934	P	Security update for the Linux kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32383	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:27430	P	libadns-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31437	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26358	P	Security update for Mozilla Thunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:32042	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25155	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:31532	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:26381	P	Security update for ffmpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:32444	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25509	P	Security update for libssh (Important)	2020-12-01
oval:org.opensuse.security:def:31886	P	Security update for ed (Low)	2020-12-01
oval:org.opensuse.security:def:26593	P	libnetpbm10 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32719	P	libneon27 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26016	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:25347	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:26469	P	Security update for phpMyAdmin (Important)	2020-12-01
oval:org.opensuse.security:def:33126	P	kdirstat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25584	P	Security update for xerces-c (Moderate)	2020-12-01
oval:org.opensuse.security:def:32035	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31775	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:26719	P	ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25647	P	Security update for freetype2 (Important)	2020-12-01
oval:org.opensuse.security:def:26527	P	boost-license on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25773	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:31836	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:25882	P	Security update for python-tornado (Moderate)	2020-12-01
oval:org.opensuse.security:def:27200	P	libneon27 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25305	P	Security update for java-1_8_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:25861	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32518	P	gd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31427	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25317	P	Security update for libqt5-qtbase (Important)	2020-12-01
oval:org.opensuse.security:def:26646	P	unzip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25919	P	Security update for libplist (Moderate)	2020-12-01
oval:org.opensuse.security:def:25752	P	Security update for libreoffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:25428	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:26240	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:31060	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25712	P	Security update for python36 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31879	P	Security update for dhcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:26734	P	ldapsmb on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26592	P	libneon27 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25827	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:25569	P	Security update for tomcat (Important)	2020-12-01
oval:org.opensuse.security:def:31937	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:26922	P	java-1_7_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31072	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25850	P	Security update for libreoffice (Low)	2020-12-01
oval:org.opensuse.security:def:32334	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:26792	P	openssh on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31426	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26301	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:25935	P	Security update for libcares2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31998	P	Security update for jpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:25144	P	Security update for python3 (Important)	2020-12-01
oval:org.opensuse.security:def:31440	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:32422	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:27465	P	libneon-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25508	P	Security update for mailman (Important)	2020-12-01
oval:org.opensuse.security:def:31511	P	Security update for python27-urllib3, python27-boto3, python27-botocore, python27-s3transfer (Moderate)	2020-12-01
oval:org.opensuse.security:def:26442	P	Security update for irssi (Moderate)	2020-12-01
oval:org.opensuse.security:def:26023	P	Security update for evince (Important)	2020-12-01
oval:org.opensuse.security:def:32680	P	gtk2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25219	P	Security update for java-1_8_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:31589	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:26430	P	Security update for phpMyAdmin (Moderate)	2020-12-01
oval:org.opensuse.security:def:32488	P	apache2-mod_perl on GA media (Moderate)	2020-12-01

BACK