CVE-2007-2010 - Vulnerability Details - OpenCVE

Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bftpd	Bftpd

Configuration 1 [-]

cpe:2.3:a:bftpd:bftpd:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bftpd.sourceforge.net/
http://bftpd.sourceforge.net/downloads/CHANGELOG
http://osvdb.org/34889
http://secunia.com/advisories/24864
http://www.securityfocus.com/bid/23406
http://www.vupen.com/english/advisories/2007/1347
https://exchange.xforce.ibmcloud.com/vulnerabilities/33594

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-12T19:00:00

Updated: 2024-08-07T13:13:41.977Z

Reserved: 2007-04-12T00:00:00

Link: CVE-2007-2010

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-04-12T19:19:00.000

Modified: 2024-11-21T00:29:41.070

Link: CVE-2007-2010

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-10T00:00:00", "descriptions": [{"lang": "en", "value": "Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "23406", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23406"}, {"name": "34889", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34889"}, {"name": "24864", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24864"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bftpd.sourceforge.net/downloads/CHANGELOG"}, {"name": "ADV-2007-1347", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1347"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bftpd.sourceforge.net/"}, {"name": "bftpd-getmget-dos(33594)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33594"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2010", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "23406", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23406"}, {"name": "34889", "refsource": "OSVDB", "url": "http://osvdb.org/34889"}, {"name": "24864", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24864"}, {"name": "http://bftpd.sourceforge.net/downloads/CHANGELOG", "refsource": "CONFIRM", "url": "http://bftpd.sourceforge.net/downloads/CHANGELOG"}, {"name": "ADV-2007-1347", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1347"}, {"name": "http://bftpd.sourceforge.net/", "refsource": "CONFIRM", "url": "http://bftpd.sourceforge.net/"}, {"name": "bftpd-getmget-dos(33594)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33594"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:13:41.977Z"}, "title": "CVE Program Container", "references": [{"name": "23406", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23406"}, {"name": "34889", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/34889"}, {"name": "24864", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24864"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bftpd.sourceforge.net/downloads/CHANGELOG"}, {"name": "ADV-2007-1347", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1347"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bftpd.sourceforge.net/"}, {"name": "bftpd-getmget-dos(33594)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33594"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2010", "datePublished": "2007-04-12T19:00:00", "dateReserved": "2007-04-12T00:00:00", "dateUpdated": "2024-08-07T13:13:41.977Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bftpd:bftpd:*:*:*:*:*:*:*:*", "matchCriteriaId": "9250EB7A-8F60-4AD0-A434-0D9BF9C7932A", "versionEndIncluding": "1.7.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command."}, {"lang": "es", "value": "Una vulnerabilidad de doble liberaci\u00f3n en bftpd versiones anteriores a 1.8, permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (bloqueo del demonio) por medio de un comando (1) get o (2) mget."}], "id": "CVE-2007-2010", "lastModified": "2024-11-21T00:29:41.070", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-12T19:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bftpd.sourceforge.net/"}, {"source": "cve@mitre.org", "url": "http://bftpd.sourceforge.net/downloads/CHANGELOG"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/34889"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/24864"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23406"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1347"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33594"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bftpd.sourceforge.net/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bftpd.sourceforge.net/downloads/CHANGELOG"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/34889"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/24864"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23406"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1347"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33594"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}