Vulnerability CVE-2007-1030


Published: 2007-02-21   Modified: 2011-03-07

Description:
Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset.
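A defensive decoder for the kind of input described above, as an added example (it is not libevent's code or its fix): every compression pointer must land before the start of the segment currently being read, so a pointer to its own offset, or any cycle, is rejected instead of followed. The names `dns_name_decode` and `sample_pkt` are assumptions made for this example, and the packet bytes are constructed.

```c
#include <stdint.h>
#include <string.h>

/* Decode the DNS name at pkt[off] into out as dotted text.
 * Returns 0 on success, -1 if the name is malformed or its pointers loop. */
int dns_name_decode(const uint8_t *pkt, size_t len, size_t off,
                    char *out, size_t outlen)
{
    size_t o = 0;        /* bytes written to out */
    size_t limit = off;  /* a pointer must target an offset below this */

    while (off < len) {
        uint8_t c = pkt[off];
        if (c == 0) {                            /* root label ends the name */
            if (o >= outlen) return -1;
            out[o] = '\0';
            return 0;
        }
        if ((c & 0xC0) == 0xC0) {                /* compression pointer */
            if (off + 1 >= len) return -1;
            size_t target = ((size_t)(c & 0x3F) << 8) | pkt[off + 1];
            /* Each jump must land before the start of the segment being
             * read, so the bound shrinks on every jump and a pointer to
             * its own offset (or any cycle) is rejected. */
            if (target >= limit) return -1;
            limit = off = target;
            continue;
        }
        if (c & 0xC0) return -1;                 /* reserved label types */
        if (off + 1 + c > len) return -1;        /* label runs past packet */
        if (o + c + 1 > 255 || o + c + 2 > outlen) return -1; /* length caps */
        if (o) out[o++] = '.';
        memcpy(out + o, pkt + off + 1, c);
        o += c;
        off += 1 + (size_t)c;
    }
    return -1;                                   /* ran off the end */
}

/* Constructed sample: 12-byte header, then names at offsets 12, 29, 36, 38. */
const uint8_t sample_pkt[] = {
    0,0,0,0,0,0,0,0,0,0,0,0,
    3,'w','w','w',7,'e','x','a','m','p','l','e',3,'c','o','m',0, /* 12 */
    4,'m','a','i','l',0xC0,16,   /* 29: pointer back to "example.com" */
    0xC0,36,                     /* 36: pointer to its own offset */
    1,'a',0xC0,38                /* 38: label, then pointer back to 38 */
};
```

The monotonically shrinking bound is what guarantees termination; checking only that a pointer targets a lower offset than its own position would still accept the name at offset 38.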

See advisories in our WLB2 database:
Topic: Remote DoS in libevent DNS parsing <= 1.2a
Risk: Low
Author: Jon Oberheide
Date: 22.02.2007

Vendor: Niels Provos
Product: Libevent 
Version: 1.2a; 1.2;

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

 References:
http://www.securityfocus.com/bid/22606
http://www.vupen.com/english/advisories/2007/0647
http://www.securityfocus.com/archive/1/archive/1/460530/100/0/threaded
http://secunia.com/advisories/24181
http://osvdb.org/33228
http://monkey.org/~provos/libevent/
http://securityreason.com/securityalert/2268

Related CVE
CVE-2009-0343
Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race cond...
CVE-2006-4292
Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows remote attackers to cause a denial of service (application crash) via certain Address Resolution Protocol (ARP) packets.
CVE-2006-0752
Niels Provos Honeyd before 1.5 replies to certain illegal IP packet fragments that other IP stack implementations would drop, which allows remote attackers to identify IP addresses that are being simulated using honeyd.
CVE-2004-2095
Honeyd before 0.8 replies to TCP packets with the SYN and RST flags set, which allows remote attackers to identify IP addresses that are being simulated by Honeyd.

Copyright 2017, cxsecurity.com

 
