CVE-2007-4570

mctransd DoS

Severity Score

1.9

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service (temporary daemon outage) via a large range of compartments in sensitivity labels.

Vulnerabilidad de complejidad algorítmica en el demonio de traducción MCS en el mcstrans 0.2.3 permite a usuarios locales provocar una denegación de servicio (apagón temporal del demonio) a través de un rango largo de compartimientos en las etiquetas sensibles.

*Credits: N/A

CVSS Scores

NISTv2 1.9

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-08-28 CVE Reserved
2007-11-10 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (9)

URL	Tag	Source
http://osvdb.org/39244	Vdb Entry
http://secunia.com/advisories/27589	Third Party Advisory
http://www.securityfocus.com/bid/26371	Vdb Entry
https://bugzilla.redhat.com/attachment.cgi?id=193951	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/38357	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10350	Signature

URL	Date	SRC

URL	Date	SRC
https://rhn.redhat.com/errata/RHSA-2007-0542.html	2017-09-29

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=288201	2007-11-07
https://access.redhat.com/security/cve/CVE-2007-4570	2007-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"	Mcstrans Search vendor "Redhat" for product "Mcstrans"	0.2.3 Search vendor "Redhat" for product "Mcstrans" and version "0.2.3"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	5.0 Search vendor "Redhat" for product "Enterprise Linux" and version "5.0"	unkown, server	Safe
Redhat Search vendor "Redhat"	Mcstrans Search vendor "Redhat" for product "Mcstrans"	0.2.3 Search vendor "Redhat" for product "Mcstrans" and version "0.2.3"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	5.0 Search vendor "Redhat" for product "Enterprise Linux" and version "5.0"	unkown, client	Safe