CVE-2007-4004

Severity: High

Description

Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. NOTE: the client is setuid root on AIX, so this issue crosses privilege boundaries.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35627

http://www.vupen.com/english/advisories/2007/2675

http://www.securitytracker.com/id?1018465

http://www.securityfocus.com/bid/25077

http://www-1.ibm.com/support/docview.wss?uid=isg1IZ01813

http://www-1.ibm.com/support/docview.wss?uid=isg1IZ01812

http://secunia.com/advisories/26219

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=571

Details

Source: Mitre, NVD

Published: 2007-07-26

Updated: 2017-07-29

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High