CVE-2007-1173: Buffer Overflow
First published: Wed May 16 2007(Updated: )
Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a crafted TCP packet.
Credit: PSIRT-CNA@flexerasoftware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Numara Asset Manager | =8.0 | |
| Symantec Discovery | =6.5 | |
| Centennial Discovery | =2006_featurepack1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/secunia_research/2007-41/advisory/
- http://secunia.com/secunia_research/2007-42/advisory/
- http://secunia.com/secunia_research/2007-43/advisory/
- http://secunia.com/advisories/24090
- http://secunia.com/advisories/24281
- http://secunia.com/advisories/24329
- http://www.securityfocus.com/bid/24002
- http://www.securitytracker.com/id?1018072
- http://osvdb.org/35076
- http://www.vupen.com/english/advisories/2007/1833
- http://www.vupen.com/english/advisories/2007/1832
- http://www.vupen.com/english/advisories/2007/1834
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34313
Frequently Asked Questions
What is the severity of CVE-2007-1173?
CVE-2007-1173 is classified as a critical severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2007-1173?
To fix CVE-2007-1173, ensure that you apply the latest patches and updates provided by the software vendors of the affected applications.
Which software is affected by CVE-2007-1173?
CVE-2007-1173 affects Numara Asset Manager 8.0, Symantec Discovery 6.5, and Centennial Discovery 2006 Feature Pack 1.
Can CVE-2007-1173 be exploited remotely?
Yes, CVE-2007-1173 can be exploited remotely via crafted TCP packets containing long strings.
What type of vulnerability is CVE-2007-1173?
CVE-2007-1173 is a buffer overflow vulnerability that allows for arbitrary code execution.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- agent/event
- agent/tags
- agent/source
- vendor/numara
- canonical/numara asset manager
- version/numara asset manager/8.0
- vendor/symantec
- canonical/symantec discovery
- version/symantec discovery/6.5
- vendor/centennial
- canonical/centennial discovery
- version/centennial discovery/2006_featurepack1