Vulnerability Details : CVE-2007-3791
Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from third party information.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2007-3791
- cpe:2.3:a:policyd:policyd:1.71:*:*:*:*:*:*:*
- cpe:2.3:a:policyd:policyd:1.72:*:*:*:*:*:*:*
- cpe:2.3:a:policyd:policyd:1.73:*:*:*:*:*:*:*
- cpe:2.3:a:policyd:policyd:1.80:*:*:*:*:*:*:*
- cpe:2.3:a:policyd:policyd:1.74:*:*:*:*:*:*:*
- cpe:2.3:a:policyd:policyd:1.75:*:*:*:*:*:*:*
- cpe:2.3:a:policyd:policyd:1.70:*:*:*:*:*:*:*
- cpe:2.3:a:policyd:policyd:1.78:*:*:*:*:*:*:*
- cpe:2.3:a:policyd:policyd:1.79:*:*:*:*:*:*:*
- cpe:2.3:a:policyd:policyd:1.76:*:*:*:*:*:*:*
- cpe:2.3:a:policyd:policyd:1.77:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-3791
4.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-3791
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2007-3791
-
http://osvdb.org/38091
-
http://www.debian.org/security/2007/dsa-1361
-
http://secunia.com/advisories/26649
-
http://svn.linuxrulz.org/WebSVN/log.php?repname=Policyd&path=%2Fbranches%2Fv1.8x%2Fsockets.c&rev=0&sc=0&isdir=0
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/35394
-
http://secunia.com/advisories/26021
Vendor Advisory
-
http://sourceforge.net/project/shownotes.php?release_id=522366
-
http://www.securityfocus.com/bid/24899
-
http://svn.linuxrulz.org/WebSVN/diff.php?repname=Policyd&path=%2Ftrunk%2Fsockets.c&rev=4&sc=0
Jump to