CVE Reference: CVE-2007-3962
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2007-3962

Description:
Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 might allow remote attackers to execute arbitrary code via (1) a long filename that is not properly handled by the fsp_readdir_native function when MAXNAMLEN is greater than 255, or (2) a long d_name directory (dirent) field in the fsp_readdir function.

CVE Status:
Candidate

References:

SAID
  Secunia Advisory: SA26184
  Secunia Advisory: SA26378
  Secunia Advisory: SA27501

OSVDB
  38569
  38570

MISC
  http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.21&r2=1.22
  http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.17&r2=1.18

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDVSA-2008:018

GENTOO
  http://security.gentoo.org/glsa/glsa-200711-01.xml

CONFIRM
  http://bugs.gentoo.org/show_bug.cgi?id=188252
  http://fsp.cvs.sourceforge.net/fsp/fsplib/ChangeLog?revision=1.17&view=markup

BID
  25034

