CVE-2007-4035 (GCVE-0-2007-4035)

Vulnerability from cvelistv5 – Published: 2007-07-27 22:00 – Updated: 2024-08-07 14:37 Disputed
VLAI
Summary
Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; (2) NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain directory contents; and (3) certain other malformed NTFS filesystems, which allows remote attackers to prevent examination of corrupted records. NOTE: the vendor disputes the significance of these issues, because physical collection can be used instead, because the vendor believes that relevant attackers typically do not corrupt an MBR or a filesystem, and because detection of a loop is valuable on its own
Severity
No CVSS data available.
CWE
  • n/a
Assigner
Date Public
2007-07-26 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:37:06.010Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070726 Re: Guidance Software response to iSEC report on EnCase",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/474809/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Palmer"
          },
          {
            "name": "20070726 Guidance Software response to iSEC report on EnCase",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/474727/100/0/threaded"
          },
          {
            "name": "20070802 RE: Re: Guidance Software response to iSEC report on EnCase",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/475335/100/0/threaded"
          },
          {
            "name": "20070727 Re: Guidance Software response to iSEC report on EnCase (fwd)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/474750/100/0/threaded"
          },
          {
            "name": "25100",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25100"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; (2) NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain directory contents; and (3) certain other malformed NTFS filesystems, which allows remote attackers to prevent examination of corrupted records. NOTE: the vendor disputes the significance of these issues, because physical collection can be used instead, because the vendor believes that relevant attackers typically do not corrupt an MBR or a filesystem, and because detection of a loop is valuable on its own"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070726 Re: Guidance Software response to iSEC report on EnCase",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/474809/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Palmer"
        },
        {
          "name": "20070726 Guidance Software response to iSEC report on EnCase",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/474727/100/0/threaded"
        },
        {
          "name": "20070802 RE: Re: Guidance Software response to iSEC report on EnCase",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/475335/100/0/threaded"
        },
        {
          "name": "20070727 Re: Guidance Software response to iSEC report on EnCase (fwd)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/474750/100/0/threaded"
        },
        {
          "name": "25100",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25100"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4035",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED **  Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; (2) NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain directory contents; and (3) certain other malformed NTFS filesystems, which allows remote attackers to prevent examination of corrupted records. NOTE: the vendor disputes the significance of these issues, because physical collection can be used instead, because the vendor believes that relevant attackers typically do not corrupt an MBR or a filesystem, and because detection of a loop is valuable on its own."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070726 Re: Guidance Software response to iSEC report on EnCase",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/474809/100/0/threaded"
            },
            {
              "name": "http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Palmer",
              "refsource": "MISC",
              "url": "http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Palmer"
            },
            {
              "name": "20070726 Guidance Software response to iSEC report on EnCase",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/474727/100/0/threaded"
            },
            {
              "name": "20070802 RE: Re: Guidance Software response to iSEC report on EnCase",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/475335/100/0/threaded"
            },
            {
              "name": "20070727 Re: Guidance Software response to iSEC report on EnCase (fwd)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/474750/100/0/threaded"
            },
            {
              "name": "25100",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25100"
            },
            {
              "name": "http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf",
              "refsource": "MISC",
              "url": "http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4035",
    "datePublished": "2007-07-27T22:00:00.000Z",
    "dateReserved": "2007-07-27T00:00:00.000Z",
    "dateUpdated": "2024-08-07T14:37:06.010Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2007-4035",
      "date": "2026-07-18",
      "epss": "0.02202",
      "percentile": "0.80547"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-4035\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-07-27T22:30:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[{\"sourceIdentifier\":\"cve@mitre.org\",\"tags\":[\"disputed\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; (2) NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain directory contents; and (3) certain other malformed NTFS filesystems, which allows remote attackers to prevent examination of corrupted records. NOTE: the vendor disputes the significance of these issues, because physical collection can be used instead, because the vendor believes that relevant attackers typically do not corrupt an MBR or a filesystem, and because detection of a loop is valuable on its own\"},{\"lang\":\"es\",\"value\":\"** EN DISPUTA ** Guidance Software EnCase no maneja correctamente (1) ciertas tablas de particiones MBR mal formadas con muchas entradas, lo que permite a atacantes remotos evitar la recopilaci\u00f3n l\u00f3gica de una imagen del disco; (2) sistemas de archivos NTFS con bucles de directorio, lo que permite a atacantes remotos evitar el examen de ciertos contenidos de directorios y (3) otros ciertos sistemas de archivos NTFS mal formados, lo que permite a atacantes remotos evitar el examen de archivos corruptos. NOTA: el fabricante impugna la importancia de estos problemas, porque se puede usar la recopilaci\u00f3n f\u00edsica en vez de lo anterior, ya que el fabricante cree que los atacantes pertinentes normalmente no corrompen un MBR o un sistema de archivos y porque la detecci\u00f3n de un bucle is \u00fatil por s\u00ed misma.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:guidance_software:encase:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"390A2951-B37B-4CCD-BFA2-49AC404DB53C\"}]}]}],\"references\":[{\"url\":\"http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Palmer\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/474727/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/474750/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/474809/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/475335/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/25100\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Palmer\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/474727/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/474750/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/474809/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/475335/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/25100\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…