Sign-up

ID

VAR-200705-0117


CVE

CVE-2007-2967


TITLE

F-Secure Anti-virus products LHA Service disruption in compression components (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-002113

DESCRIPTION

Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files. Internet Gatekeeper is prone to a denial-of-service vulnerability

Trust: 1.98

sources: NVD: CVE-2007-2967 // JVNDB: JVNDB-2007-002113 // BID: 86115 // VULHUB: VHN-26329

AFFECTED PRODUCTS

vendor:f securemodel:f-secure internet securityscope:eqversion:2007

Trust: 1.9

vendor:f securemodel:f-secure internet securityscope:eqversion:2006

Trust: 1.9

vendor:f securemodel:f-secure internet securityscope:eqversion:2005

Trust: 1.9

vendor:f securemodel:f-secure anti-virusscope:eqversion:2007

Trust: 1.9

vendor:f securemodel:f-secure anti-virusscope:eqversion:2006

Trust: 1.9

vendor:f securemodel:f-secure anti-virusscope:eqversion:2005

Trust: 1.9

vendor:f securemodel:f-secure anti-virusscope:lteversion:5.61

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:lteversion:4.65

Trust: 1.0

vendor:f securemodel:f-secure anti-virus client securityscope:lteversion:6.03

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:lteversion:6.40

Trust: 1.0

vendor:f securemodel:internet gatekeeperscope:lteversion:6.60

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:lteversion:5.42

Trust: 1.0

vendor:f securemodel:internet gatekeeperscope:lteversion:2.16

Trust: 1.0

vendor:f securemodel:f-secure anti-virus linux server securityscope:lteversion:5.30

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:lteversion:5.52

Trust: 1.0

vendor:f securemodel:f-secure anti-virus linux client securityscope:lteversion:5.30

Trust: 1.0

vendor:f securemodel:f-secure anti-virusscope:lteversion:5.44

Trust: 1.0

vendor:f securemodel:f-secure protection servicescope:lteversion:6.40

Trust: 1.0

vendor:f securemodel:internet gatekeeperscope:eqversion:6.60

Trust: 0.9

vendor:f securemodel:f-secure anti-virus linux client securityscope:eqversion:5.30

Trust: 0.9

vendor:f securemodel:f-secure anti-virusscope:ltversion:microsoft windows version and linux edition 20070522

Trust: 0.8

vendor:f securemodel:internet gatekeeperscope:eqversion:2.16

Trust: 0.6

vendor:f securemodel:f-secure protection servicescope:eqversion:6.40

Trust: 0.6

vendor:f securemodel:internet gatekeeper linuxscope:eqversion:2.16

Trust: 0.3

vendor:f securemodel:f-secure protection service consumersscope:eqversion:6.40

Trust: 0.3

vendor:f securemodel:f-secure anti-virus linux server securityscope:eqversion:5.30

Trust: 0.3

vendor:f securemodel:f-secure anti-virus client securityscope:eqversion:6.03

Trust: 0.3

vendor:f securemodel:f-secure anti-virus ms exchangescope:eqversion:6.40

Trust: 0.3

vendor:f securemodel:f-secure anti-virus mimesweeperscope:eqversion:5.61

Trust: 0.3

vendor:f securemodel:f-secure anti-virus citrix serversscope:eqversion:5.52

Trust: 0.3

vendor:f securemodel:f-secure anti-virus workstationsscope:eqversion:5.44

Trust: 0.3

vendor:f securemodel:f-secure anti-virus windows serversscope:eqversion:5.42

Trust: 0.3

vendor:f securemodel:f-secure anti-virus linux serversscope:eqversion:4.65

Trust: 0.3

vendor:f securemodel:f-secure anti-virus linux gatewaysscope:eqversion:4.65

Trust: 0.3

sources: BID: 86115 // JVNDB: JVNDB-2007-002113 // CNNVD: CNNVD-200705-560 // NVD: CVE-2007-2967

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-2967
value: HIGH

Trust: 1.0

NVD: CVE-2007-2967
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200705-560
value: CRITICAL

Trust: 0.6

VULHUB: VHN-26329
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-2967
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-26329
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-26329 // JVNDB: JVNDB-2007-002113 // CNNVD: CNNVD-200705-560 // NVD: CVE-2007-2967

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-26329 // JVNDB: JVNDB-2007-002113 // NVD: CVE-2007-2967

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200705-560

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200705-560

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-002113

PATCH
title:Security advisoriesurl:http://www.f-secure.com/en/web/labs_global/security-advisories
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-002113

EXTERNAL IDS
db:NVDid:CVE-2007-2967
Trust: 2.8
db:SECTRACKid:1018148
Trust: 2.0
db:SECTRACKid:1018147
Trust: 2.0
db:SECTRACKid:1018146
Trust: 2.0
db:SECUNIAid:25440
Trust: 1.7
db:VUPENid:ADV-2007-1985
Trust: 1.7
db:OSVDBid:36726
Trust: 1.1
db:OSVDBid:36725
Trust: 1.1
db:XFid:34581
Trust: 0.9
db:JVNDBid:JVNDB-2007-002113
Trust: 0.8
db:CNNVDid:CNNVD-200705-560
Trust: 0.7
db:BUGTRAQid:20070604 N.RUNS-SA-2007.014 - F-SECURE ANTIVIRUS ARJ PARSING INFINITE LOOP ADVISORY
Trust: 0.6
db:BUGTRAQid:20070604 N.RUNS-SA-2007.015 - F-SECURE ANTIVIRUS FSG PACKED FILES PARSING INFINITE LOOP ADVISORY
Trust: 0.6
db:FULLDISCid:20070604 N.RUNS-SA-2007.014 - F-SECURE ANTIVIRUS ARJ PARSING INFINITE LOOP ADVISORY
Trust: 0.6
db:FULLDISCid:20070604 N.RUNS-SA-2007.015 - F-SECURE ANTIVIRUS FSG PACKED FILES PARSING INFINITE LOOP ADVISORY
Trust: 0.6
db:BIDid:86115
Trust: 0.4
db:VULHUBid:VHN-26329
Trust: 0.1
sources:
            
            
            VULHUB: VHN-26329 // 
            
            
            
            BID: 86115 // 
            
            
            
            JVNDB: JVNDB-2007-002113 // 
            
            
            
            CNNVD: CNNVD-200705-560 // 
            
            
            
            NVD: CVE-2007-2967

REFERENCES
url:http://www.f-secure.com/security/fsc-2007-3.shtml
Trust: 2.0
url:http://lists.grok.org.uk/pipermail/full-disclosure/2007-june/063714.html
Trust: 2.0
url:http://lists.grok.org.uk/pipermail/full-disclosure/2007-june/063715.html
Trust: 2.0
url:http://www.nruns.com/security_advisory_fsecure_arj.php
Trust: 2.0
url:http://www.nruns.com/security_advisory_fsecure_fsg.php
Trust: 2.0
url:http://www.securitytracker.com/id?1018146
Trust: 2.0
url:http://securitytracker.com/id?1018147
Trust: 2.0
url:http://www.securitytracker.com/id?1018148
Trust: 2.0
url:http://secunia.com/advisories/25440
Trust: 1.7
url:http://www.securityfocus.com/archive/1/470462/100/0/threaded
Trust: 1.1
url:http://www.securityfocus.com/archive/1/470484/100/0/threaded
Trust: 1.1
url:http://osvdb.org/36725
Trust: 1.1
url:http://osvdb.org/36726
Trust: 1.1
url:http://www.vupen.com/english/advisories/2007/1985
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/34581
Trust: 1.1
url:http://xforce.iss.net/xforce/xfdb/34581
Trust: 0.9
url:http://www.securityfocus.com/archive/1/archive/1/470484/100/0/threaded
Trust: 0.9
url:http://www.securityfocus.com/archive/1/archive/1/470462/100/0/threaded
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2967
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2967
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2007/1985
Trust: 0.6
sources:
            
            
            VULHUB: VHN-26329 // 
            
            
            
            BID: 86115 // 
            
            
            
            JVNDB: JVNDB-2007-002113 // 
            
            
            
            CNNVD: CNNVD-200705-560 // 
            
            
            
            NVD: CVE-2007-2967

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 86115

SOURCES
db:VULHUBid:VHN-26329
db:BIDid:86115
db:JVNDBid:JVNDB-2007-002113
db:CNNVDid:CNNVD-200705-560
db:NVDid:CVE-2007-2967

LAST UPDATE DATE
2024-08-14T14:47:43.601000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-26329date:2018-10-16T00:00:00
db:BIDid:86115date:2007-05-31T00:00:00
db:JVNDBid:JVNDB-2007-002113date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200705-560date:2007-06-01T00:00:00
db:NVDid:CVE-2007-2967date:2018-10-16T16:46:48.933

SOURCES RELEASE DATE
db:VULHUBid:VHN-26329date:2007-05-31T00:00:00
db:BIDid:86115date:2007-05-31T00:00:00
db:JVNDBid:JVNDB-2007-002113date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200705-560date:2007-05-31T00:00:00
db:NVDid:CVE-2007-2967date:2007-05-31T23:30:00