Details of VAR-200212-0882

ID

VAR-200212-0882

TITLE

SkyStream Edge Media Router-5000 Local Buffer Overflow Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2002-4398 // BID: 6486

DESCRIPTION

The SkyStream Edge Media Router-5000 (EMR5000) is a DVB multicast router product. The Edge Media Router comes with shell support for client access, allowing users to manage and configure the system through this. An overflow vulnerability exists in the user shell implementation that could be exploited by a remote attacker to escalate its privileges. The shell program does not use the GNU readline library, but implements its own dedicated shell control process. There is a buffer overflow problem when reading and verifying user input. An attacker who has obtained shell access rights may use this vulnerability to execute arbitrary instructions. Your own permissions. It is possible to trigger this condition by supplying an overly long string from the command line of the client shell

Trust: 0.81

sources: CNVD: CNVD-2002-4398 // BID: 6486

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2002-4398

AFFECTED PRODUCTS

vendor:	emr5000	model:	skystream	scope:	eq	version:	1.18	Trust: 0.6
vendor:	emr5000	model:	skystream	scope:	eq	version:	1.17	Trust: 0.6
vendor:	emr5000	model:	skystream	scope:	eq	version:	1.16	Trust: 0.6
vendor:	skystream	model:	emr5000	scope:	eq	version:	1.18	Trust: 0.3
vendor:	skystream	model:	emr5000	scope:	eq	version:	1.17	Trust: 0.3
vendor:	skystream	model:	emr5000	scope:	eq	version:	1.16	Trust: 0.3

sources: CNVD: CNVD-2002-4398 // BID: 6486

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2002-4398
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2002-4398
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2002-4398

THREAT TYPE

local

Trust: 0.3

sources: BID: 6486

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 6486

PATCH

title:

Patch for SkyStream Edge Media Router-5000 Local Buffer Overflow Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/36186

Trust: 0.6

sources: CNVD: CNVD-2002-4398

EXTERNAL IDS

db:	BID	id:	6486	Trust: 0.9
db:	CNVD	id:	CNVD-2002-4398	Trust: 0.6

sources: CNVD: CNVD-2002-4398 // BID: 6486

REFERENCES

url:	http://archives.neohapsis.com/archives/bugtraq/2002-12/0255.html	Trust: 0.6
url:	/archive/1/304534	Trust: 0.3

sources: CNVD: CNVD-2002-4398 // BID: 6486

CREDITS

Discovery of this issue is credited to Global InterSec Research <research@globalintersec.com>.

Trust: 0.3

sources: BID: 6486

SOURCES

db:	CNVD	id:	CNVD-2002-4398
db:	BID	id:	6486

LAST UPDATE DATE

2022-05-17T02:08:45.821000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2002-4398	date:	2002-12-27T00:00:00
db:	BID	id:	6486	date:	2002-12-27T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2002-4398	date:	2002-12-27T00:00:00
db:	BID	id:	6486	date:	2002-12-27T00:00:00