Integer Overflow Vulnerability in McAfee E-Business Server
CVE-2007-2957

Currently unrated

Key Information:

Vendor: Mcafee
Status: E-business Server
Vendor: CVE Published:; 31 October 2007

Summary

An integer overflow vulnerability in the McAfee E-Business Server allows remote attackers to exploit a large length value in an authentication packet. This flaw can lead to a heap-based buffer overflow, enabling unauthorized execution of arbitrary code on affected systems running outdated versions of the server on Solaris, Linux, HP-UX, and AIX platforms.

References

https://knowledge.mcafee.com/SupportSite/dynamickc.do?ext...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2007/3663

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/26372

third-party-advisoryx_refsource_SECUNIA

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 31, 2007
Vulnerability Reserved
May 31, 2007