NVD Vulnerability Detail

CVE-2007-2651

Summary	Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow remote attackers to cause a denial of service (connection loss) or possibly execute arbitrary code via a (1) DNS name response of the exact length as a buffer; or a long (2) channel name, (3) partyline channel name, or unspecified vectors in crafted BOTNET packets.
Publication Date	May 15, 2007, 6:19 a.m.
Registration Date	Jan. 29, 2021, 2:12 p.m.
Last Update	July 29, 2017, 10:31 a.m.

CVSS2.0 : HIGH
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.1:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.2:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.3:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.4:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.5:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.6:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.7:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.8:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.9:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.10:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.11:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.12:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.13:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.14:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.15:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.16:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.18:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.19:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.20:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.21:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.22:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.23:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.24:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.25:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.26:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.27:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.28:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.29:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.30:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.31:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.32:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.33:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.34:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.35:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.36:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.37:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.38:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.39:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.40:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.41:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.42:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.43:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.44:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.45:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.46:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.47:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.48:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.49:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.50:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.51:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.52:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.53:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.54:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.55:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.56:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.57:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.58:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.59:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.60:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta0:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta1:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta2:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta3:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta4:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta5:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta6:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta7:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta8:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta9:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta10:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta11:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta12:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta13:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta14:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta15:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta16:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta17:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta18:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta19:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta20:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta21:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta22:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta23:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta24:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta25:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta26:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://osvdb.org/41985	OSVDB
2	http://osvdb.org/41986	OSVDB
3	http://sourceforge.net/project/shownotes.php?release_id=497807&group_id=116847	CONFIRM	Patch
4	http://www.securityfocus.com/bid/23929	BID
5	http://www.vupen.com/english/advisories/2007/1756	VUPEN
6	https://exchange.xforce.ibmcloud.com/vulnerabilities/34229	XF

Common Vulnerabilities List

JVN Vulnerability Information

VooDoo cIRCle におけるサービス運用妨害 (DoS) の脆弱性

Title	VooDoo cIRCle におけるサービス運用妨害 (DoS) の脆弱性
Summary	VooDoo cIRCle は、一つずれエラー (Off-by-one) が発生するため、サービス運用妨害 (接続の損失) 状態にされる、または任意のコードを実行される脆弱性が存在します。
Possible impacts	第三者により、以下の場所および巧妙に細工された BOTNET パケット内の不特定の経路を介して、サービス運用妨害 (接続の損失) 状態にされる、または任意のコードを実行される可能性があります。 (1) バッファと同じ長さの DNS 名のレスポンス (2) 過度に長いチャンネル名 (3) partyline チャンネル名
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	May 14, 2007, midnight
Registration Date	Dec. 20, 2012, 6:19 p.m.
Last Update	Dec. 20, 2012, 6:19 p.m.

Affected System

voodoo circle

voodoo circle 1.1.beta27 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-2651	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2651
National Vulnerability Database (NVD)
2	CVE-2007-2651	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2651

ベンダー情報

No	Name	URL
voodoo circle
1	VooDoo cIRCle	http://voodoo-circle.sourceforge.net/

Change Log

No	Changed Details	Date of change
0	[2012年12月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.1:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.2:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.3:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.4:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.5:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.6:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.7:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.8:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.9:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.10:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.11:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.12:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.13:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.14:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.15:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.16:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.18:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.19:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.20:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.21:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.22:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.23:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.24:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.25:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.26:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.27:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.28:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.29:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.30:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.31:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.32:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.33:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.34:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.35:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.36:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.37:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.38:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.39:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.40:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.41:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.42:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.43:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.44:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.45:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.46:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.47:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.48:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.49:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.50:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.51:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.52:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.53:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.54:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.55:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.56:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.57:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.58:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.59:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.0.60:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta0:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta1:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta2:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta3:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta4:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta5:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta6:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta7:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta8:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta9:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta10:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta11:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta12:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta13:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta14:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta15:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta16:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta17:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta18:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta19:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta20:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta21:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta22:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta23:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta24:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta25:::::::*
cpe:2.3:a:voodoo_circle:voodoo_circle:1.1.beta26:::::::*