Search criteria
4 vulnerabilities found for arcsde by esri
CVE-2007-4278 (GCVE-0-2007-4278)
Vulnerability from nvd – Published: 2007-08-15 22:00 – Updated: 2024-08-07 14:46
VLAI?
Summary
Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, which triggers the overflow in an sprintf function call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.esri.com/support/downloads/other_/ArcSDE-92sp3-issues.htm"
},
{
"name": "26452",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26452"
},
{
"name": "esri-arcsde-numeric-bo(36042)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36042"
},
{
"name": "1018574",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018574"
},
{
"name": "ADV-2007-2911",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2911"
},
{
"name": "20070815 ESRI ArcSDE Numeric Literal Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=577"
},
{
"name": "25334",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, which triggers the overflow in an sprintf function call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.esri.com/support/downloads/other_/ArcSDE-92sp3-issues.htm"
},
{
"name": "26452",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26452"
},
{
"name": "esri-arcsde-numeric-bo(36042)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36042"
},
{
"name": "1018574",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018574"
},
{
"name": "ADV-2007-2911",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2911"
},
{
"name": "20070815 ESRI ArcSDE Numeric Literal Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=577"
},
{
"name": "25334",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25334"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, which triggers the overflow in an sprintf function call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.esri.com/support/downloads/other_/ArcSDE-92sp3-issues.htm",
"refsource": "CONFIRM",
"url": "http://downloads.esri.com/support/downloads/other_/ArcSDE-92sp3-issues.htm"
},
{
"name": "26452",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26452"
},
{
"name": "esri-arcsde-numeric-bo(36042)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36042"
},
{
"name": "1018574",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018574"
},
{
"name": "ADV-2007-2911",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2911"
},
{
"name": "20070815 ESRI ArcSDE Numeric Literal Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=577"
},
{
"name": "25334",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25334"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4278",
"datePublished": "2007-08-15T22:00:00",
"dateReserved": "2007-08-09T00:00:00",
"dateUpdated": "2024-08-07T14:46:39.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1770 (GCVE-0-2007-1770)
Vulnerability from nvd – Published: 2007-03-30 01:00 – Updated: 2024-08-07 13:06
VLAI?
Summary
Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1017874",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017874"
},
{
"name": "23175",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23175"
},
{
"name": "arcsde-tcpport-bo(33457)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33457"
},
{
"name": "24639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24639"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1261"
},
{
"name": "arcsde-three-tiered-dos(33282)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33282"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1260"
},
{
"name": "20070404 ESRI ArcSDE Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507"
},
{
"name": "ADV-2007-1140",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1017874",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017874"
},
{
"name": "23175",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23175"
},
{
"name": "arcsde-tcpport-bo(33457)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33457"
},
{
"name": "24639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24639"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1261"
},
{
"name": "arcsde-three-tiered-dos(33282)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33282"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1260"
},
{
"name": "20070404 ESRI ArcSDE Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507"
},
{
"name": "ADV-2007-1140",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017874",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017874"
},
{
"name": "23175",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23175"
},
{
"name": "arcsde-tcpport-bo(33457)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33457"
},
{
"name": "24639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24639"
},
{
"name": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1261",
"refsource": "CONFIRM",
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1261"
},
{
"name": "arcsde-three-tiered-dos(33282)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33282"
},
{
"name": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1262",
"refsource": "CONFIRM",
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1262"
},
{
"name": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1260",
"refsource": "CONFIRM",
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1260"
},
{
"name": "20070404 ESRI ArcSDE Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507"
},
{
"name": "ADV-2007-1140",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1770",
"datePublished": "2007-03-30T01:00:00",
"dateReserved": "2007-03-29T00:00:00",
"dateUpdated": "2024-08-07T13:06:26.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4278 (GCVE-0-2007-4278)
Vulnerability from cvelistv5 – Published: 2007-08-15 22:00 – Updated: 2024-08-07 14:46
VLAI?
Summary
Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, which triggers the overflow in an sprintf function call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.esri.com/support/downloads/other_/ArcSDE-92sp3-issues.htm"
},
{
"name": "26452",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26452"
},
{
"name": "esri-arcsde-numeric-bo(36042)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36042"
},
{
"name": "1018574",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018574"
},
{
"name": "ADV-2007-2911",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2911"
},
{
"name": "20070815 ESRI ArcSDE Numeric Literal Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=577"
},
{
"name": "25334",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, which triggers the overflow in an sprintf function call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.esri.com/support/downloads/other_/ArcSDE-92sp3-issues.htm"
},
{
"name": "26452",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26452"
},
{
"name": "esri-arcsde-numeric-bo(36042)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36042"
},
{
"name": "1018574",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018574"
},
{
"name": "ADV-2007-2911",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2911"
},
{
"name": "20070815 ESRI ArcSDE Numeric Literal Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=577"
},
{
"name": "25334",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25334"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, which triggers the overflow in an sprintf function call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.esri.com/support/downloads/other_/ArcSDE-92sp3-issues.htm",
"refsource": "CONFIRM",
"url": "http://downloads.esri.com/support/downloads/other_/ArcSDE-92sp3-issues.htm"
},
{
"name": "26452",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26452"
},
{
"name": "esri-arcsde-numeric-bo(36042)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36042"
},
{
"name": "1018574",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018574"
},
{
"name": "ADV-2007-2911",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2911"
},
{
"name": "20070815 ESRI ArcSDE Numeric Literal Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=577"
},
{
"name": "25334",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25334"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4278",
"datePublished": "2007-08-15T22:00:00",
"dateReserved": "2007-08-09T00:00:00",
"dateUpdated": "2024-08-07T14:46:39.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1770 (GCVE-0-2007-1770)
Vulnerability from cvelistv5 – Published: 2007-03-30 01:00 – Updated: 2024-08-07 13:06
VLAI?
Summary
Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1017874",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017874"
},
{
"name": "23175",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23175"
},
{
"name": "arcsde-tcpport-bo(33457)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33457"
},
{
"name": "24639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24639"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1261"
},
{
"name": "arcsde-three-tiered-dos(33282)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33282"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1260"
},
{
"name": "20070404 ESRI ArcSDE Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507"
},
{
"name": "ADV-2007-1140",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1017874",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017874"
},
{
"name": "23175",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23175"
},
{
"name": "arcsde-tcpport-bo(33457)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33457"
},
{
"name": "24639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24639"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1261"
},
{
"name": "arcsde-three-tiered-dos(33282)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33282"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1260"
},
{
"name": "20070404 ESRI ArcSDE Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507"
},
{
"name": "ADV-2007-1140",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017874",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017874"
},
{
"name": "23175",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23175"
},
{
"name": "arcsde-tcpport-bo(33457)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33457"
},
{
"name": "24639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24639"
},
{
"name": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1261",
"refsource": "CONFIRM",
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1261"
},
{
"name": "arcsde-three-tiered-dos(33282)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33282"
},
{
"name": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1262",
"refsource": "CONFIRM",
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1262"
},
{
"name": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1260",
"refsource": "CONFIRM",
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch\u0026PID=19\u0026MetaID=1260"
},
{
"name": "20070404 ESRI ArcSDE Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507"
},
{
"name": "ADV-2007-1140",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1770",
"datePublished": "2007-03-30T01:00:00",
"dateReserved": "2007-03-29T00:00:00",
"dateUpdated": "2024-08-07T13:06:26.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}