Vulnerability CVE-2010-3281
Published: 2010-09-23   Modified: 2012-02-13

Description:
Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash) via a long request.

Type:

CWE-119

 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:A/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.4/10
6.4/10
5.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Alcatel-lucent -> Omnivista 4760 server 

 References:
http://xforce.iss.net/xforce/xfdb/61922
http://www.vupen.com/english/advisories/2010/2460
http://www.securityfocus.com/bid/43338
http://www.securityfocus.com/archive/1/513866
http://www.securityfocus.com/archive/1/513865
http://www.nruns.com/_downloads/nruns-SA-2010-002.pdf
http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010002.pdf
http://secunia.com/advisories/41508
Copyright 2024, cxsecurity.com

 

Back to Top