| Vulnerability Name: | CVE-2007-2835 (CCN-35382) | ||||||||||||
| Assigned: | 2007-07-01 | ||||||||||||
| Published: | 2007-07-01 | ||||||||||||
| Updated: | 2017-07-29 | ||||||||||||
| Summary: | Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable. | ||||||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C) 5.0 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: CCN Type: Debian Bug report logs - #431336 CVE-2007-2835 : Buffer overflow Source: MISC Type: UNKNOWN http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=431336 Source: MITRE Type: CNA CVE-2007-2835 Source: OSVDB Type: UNKNOWN 37794 Source: CCN Type: SA25910 UNICON "HOME" Environment Variable Buffer Overflow Vulnerability Source: SECUNIA Type: UNKNOWN 25910 Source: SECUNIA Type: UNKNOWN 25912 Source: DEBIAN Type: UNKNOWN DSA-1328 Source: DEBIAN Type: DSA-1328 unicon-imc2 -- buffer overflow Source: CCN Type: OSVDB ID: 37794 unicon-imc2 Multiple Binary HOME Environment Variable Local Overflow Source: BID Type: UNKNOWN 24719 Source: CCN Type: BID-24719 Unicon-imc2 Environment Variable Buffer Overflow Vulnerability Source: XF Type: UNKNOWN uniconimc2-ccepinyin-xlpinyin-bo(35382) Source: XF Type: UNKNOWN uniconimc2-ccepinyin-xlpinyin-bo(35382) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||