
Test ID: 1.3.6.1.4.1.25623.1.0.100270
Category: Buffer overflow
Title: SIDVault 'simple_bind()' Function Multiple Remote Buffer Overflow Vulnerabilities
Summary: SIDVault is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Description:

Vulnerability Impact:
An attacker can exploit these issues to execute arbitrary code with superuser
privileges. Successfully exploiting these issues will result in the complete
compromise of affected computers. Failed exploit attempts will result in a
denial-of-service condition.

Affected Software/OS:
These issues affect versions prior to SIDVault 2.0f.

Solution:
The vendor released SIDVault 2.0f to address this issue. Please see
the references for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 25460
Common Vulnerability Exposure (CVE) ID: CVE-2007-4566
http://www.securityfocus.com/bid/25460
Bugtraq: 20070826 SIDVault LDAP Server Remote Buffer Overflow
http://www.securityfocus.com/archive/1/477821/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065453.html
http://www.securitytracker.com/id?1018612
http://secunia.com/advisories/26613
http://securityreason.com/securityalert/3061
http://www.vupen.com/english/advisories/2007/2976
XForce ISS Database: sidvault-ldap-bo(36272)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36272
Copyright: Copyright (C) 2009 Greenbone Networks GmbH
