CVE-2007-1273 - Vulnerability Details - OpenCVE

Integer overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 and 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain privileges.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00052.

Key SSVC decision points have not yet been added.

Vendors	Products
Navision Subscribe	Financials Server Subscribe
Netbsd Subscribe	Netbsd Subscribe

Configuration 1 [-]

AND

OR	cpe:2.3:o:netbsd:netbsd:2.0:::::::*
	cpe:2.3:o:netbsd:netbsd:2.0.1:::::::*
	cpe:2.3:o:netbsd:netbsd:2.0.2:::::::*
	cpe:2.3:o:netbsd:netbsd:2.0.3:::::::*
	cpe:2.3:o:netbsd:netbsd:2.0.4:::::::*
	cpe:2.3:o:netbsd:netbsd:2.1:::::::*
	cpe:2.3:o:netbsd:netbsd:3.0.1:::::::*
	cpe:2.3:o:netbsd:netbsd:4.0:::::::*

cpe:2.3:a:navision:financials_server:3.0:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2007-1270	Integer overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 and 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain privileges.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-001.txt.asc
http://osvdb.org/35453
http://www.securityfocus.com/bid/22878

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-03-10T20:00:00

Updated: 2024-08-07T12:50:35.240Z

Reserved: 2007-03-04T00:00:00

Link: CVE-2007-1273

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-03-10T20:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-1273

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-08T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 and 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain privileges."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2008-11-13T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "22878", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22878"}, {"name": "35453", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35453"}, {"name": "NetBSD-SA2007-001", "tags": ["vendor-advisory", "x_refsource_NETBSD"], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-001.txt.asc"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1273", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 and 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "22878", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22878"}, {"name": "35453", "refsource": "OSVDB", "url": "http://osvdb.org/35453"}, {"name": "NetBSD-SA2007-001", "refsource": "NETBSD", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-001.txt.asc"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:50:35.240Z"}, "title": "CVE Program Container", "references": [{"name": "22878", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22878"}, {"name": "35453", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35453"}, {"name": "NetBSD-SA2007-001", "tags": ["vendor-advisory", "x_refsource_NETBSD", "x_transferred"], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-001.txt.asc"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1273", "datePublished": "2007-03-10T20:00:00", "dateReserved": "2007-03-04T00:00:00", "dateUpdated": "2024-08-07T12:50:35.240Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netbsd:netbsd:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A3C3F588-98DA-4F6F-A083-2B9EE534C561", "vulnerable": false}, {"criteria": "cpe:2.3:o:netbsd:netbsd:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1C2ED81B-8DA2-46D0-AE24-C61BF8E78AE9", "vulnerable": false}, {"criteria": "cpe:2.3:o:netbsd:netbsd:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D18C95A3-15E3-41B8-AC28-ACEA57021E24", "vulnerable": false}, {"criteria": "cpe:2.3:o:netbsd:netbsd:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "6CFC6B75-9057-4E58-A4D4-8AEC12AE62E4", "vulnerable": false}, {"criteria": "cpe:2.3:o:netbsd:netbsd:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "36419DD6-0DB4-4BB6-A35F-D8FDB89402F1", "vulnerable": false}, {"criteria": "cpe:2.3:o:netbsd:netbsd:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "28BD9F91-2384-4557-9648-25FC00D04677", "vulnerable": false}, {"criteria": "cpe:2.3:o:netbsd:netbsd:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F9432E9-AACA-4242-BDAB-8792ACF72C12", "vulnerable": false}, {"criteria": "cpe:2.3:o:netbsd:netbsd:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9875E709-11BA-4B8F-A2FC-26844DD4D563", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:navision:financials_server:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B70D3E5-924C-4AB7-ABF7-6273DE325007", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 and 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain privileges."}, {"lang": "es", "value": "Desbordamiento de entero en la funci\u00f3n ktruser en NetBSD-current versiones anteriores a 20061022, NetBSD 3 y 3-0 versiones anteriores a 20061024, y NetBSD 2 versiones anteriores a 20070209, cuando el kernel se construye con la opci\u00f3n COMAPT_FREEBSD o COMPAT_DARWIN, permite a usuarios locales provocar una denegaci\u00f3n de servicio y posiblemente obtener privilegios."}], "id": "CVE-2007-1273", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-03-10T20:19:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-001.txt.asc"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35453"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22878"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-001.txt.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35453"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22878"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}