Vulnerability Description
Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an authentication packet, which results in a heap-based buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mcafee | E-Business Server | <= 8.1.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/26372Vendor Advisory
- http://secunia.com/secunia_research/2007-69/advisory/Vendor Advisory
- http://securitytracker.com/id?1018878
- http://www.securityfocus.com/bid/26269
- http://www.vupen.com/english/advisories/2007/3663
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38175
- https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614035&sliceId=Patch
- http://secunia.com/advisories/26372Vendor Advisory
- http://secunia.com/secunia_research/2007-69/advisory/Vendor Advisory
- http://securitytracker.com/id?1018878
- http://www.securityfocus.com/bid/26269
- http://www.vupen.com/english/advisories/2007/3663
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38175
- https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614035&sliceId=Patch
FAQ
What is CVE-2007-2957?
CVE-2007-2957 is a vulnerability with a CVSS score of 9.3 (HIGH). Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an auth...
How severe is CVE-2007-2957?
CVE-2007-2957 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2957?
Check the references section above for vendor advisories and patch information. Affected products include: Mcafee E-Business Server.