CVE-2010-3281:omnivista_4760_server: Stack-based buffer overflow in the HTTP proxy servi...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-3281

omnivista_4760_server: Stack-based buffer overflow in the HTTP proxy servi...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3281

Original

Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash) via a long request.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-09-23

Source Information Category:

Advisory, Alert

Last Updated:

2010-09-24

Affected Product Tags

cpe:/a:alcatel-lucent:omnivista_4760_server:4.1.13.00

cpe:/a:alcatel-lucent:omnivista_4760_server:5.0

cpe:/a:alcatel-lucent:omnivista_4760_server:5.1

cpe:/a:alcatel-lucent:omnivista_4760_server:5.1.06.03.c

cpe:/a:alcatel-lucent:omnivista_4760_server:5.1.06.03.c:patch2 and previous versions

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

BID 43338

BUGTRAQ 20100920 n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760

CONFIRM http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010002.pdf

MISC http://www.nruns.com/_downloads/nruns-SA-2010-002.pdf

SECUNIA 41508

VUPEN ADV-2010-2460

Vulnerability Type Buffer Errors (CWE-119)

XF omnivista-http-bo(61922)