ID

VAR-200703-0036


CVE

CVE-2007-1324


TITLE

SnapGear Denial-of-Service (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-005211

DESCRIPTION

SnapGear 560, 585, 580, 640, 710, and 720 appliances before the 3.1.4u5 firmware allow remote attackers to cause a denial of service (complete packet loss) via a packet flood, a different vulnerability than CVE-2006-4613. SnapGear is prone to a denial-of-service vulnerability because the device fails to handle exceptional conditions. An attacker can exploit this issue to cause the affected device to stop processing packets, denying service to legitimate users. This issue affects the 560, 585, 580, 640, 710, and 720 models. This vulnerability is different from CVE-2006-4613.

TITLE: SnapGear Packet Handling Denial of Service
SECUNIA ADVISORY ID: SA24388
VERIFY ADVISORY: http://secunia.com/advisories/24388/
CRITICAL: Less critical
IMPACT: DoS
WHERE: From remote
OPERATING SYSTEM: SnapGear 3.x http://secunia.com/product/11807/
DESCRIPTION: A vulnerability has been reported in SnapGear, which can be exploited by malicious people to cause a DoS (Denial of Service). An unspecified error can be exploited to cause all packets to be dropped when the device is under a packet flood.
SOLUTION: Update to firmware version 3.1.4u5.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.cyberguard.info/snapgear/releases.html

Trust: 2.07

sources: NVD: CVE-2007-1324 // JVNDB: JVNDB-2007-005211 // BID: 22835 // VULHUB: VHN-24686 // PACKETSTORM: 54857

AFFECTED PRODUCTS

vendor: snapgear, model: 710, scope: eq, version: 1.8_firmware

Trust: 1.6

vendor: snapgear, model: 720, scope: eq, version: 1.7.8_firmware

Trust: 1.6

vendor: snapgear, model: 720, scope: eq, version: 1.8.4_firmware

Trust: 1.6

vendor: snapgear, model: 560, scope: eq, version: 1.7.10_firmware

Trust: 1.6

vendor: snapgear, model: 720, scope: eq, version: 1.8_firmware

Trust: 1.6

vendor: snapgear, model: 720, scope: eq, version: 1.8.5_firmware

Trust: 1.6

vendor: snapgear, model: 720, scope: eq, version: 3.1.4u2_firmware

Trust: 1.6

vendor: snapgear, model: 720, scope: eq, version: 1.7.10_firmware

Trust: 1.6

vendor: snapgear, model: 560, scope: eq, version: 1.7.8_firmware

Trust: 1.6

vendor: snapgear, model: 710, scope: eq, version: 3.1.4u2_firmware

Trust: 1.6

vendor: snapgear, model: 710, scope: eq, version: 1.7.8_firmware

Trust: 1.0

vendor: snapgear, model: 580, scope: eq, version: 1.7.10_firmware

Trust: 1.0

vendor: snapgear, model: 580, scope: eq, version: 1.8_firmware

Trust: 1.0

vendor: snapgear, model: 580, scope: eq, version: 1.8.4_firmware

Trust: 1.0

vendor: snapgear, model: 710, scope: eq, version: 1.7.9_firmware

Trust: 1.0

vendor: snapgear, model: 580, scope: eq, version: 1.8.5_firmware

Trust: 1.0

vendor: snapgear, model: 560, scope: eq, version: 1.7.9_firmware

Trust: 1.0

vendor: snapgear, model: 640, scope: eq, version: 1.7.8_firmware

Trust: 1.0

vendor: snapgear, model: 560, scope: eq, version: 1.8_firmware

Trust: 1.0

vendor: snapgear, model: 640, scope: eq, version: 3.1.4u2_firmware

Trust: 1.0

vendor: snapgear, model: 710, scope: eq, version: 1.7.10_firmware

Trust: 1.0

vendor: snapgear, model: 560, scope: eq, version: 1.8.4_firmware

Trust: 1.0

vendor: snapgear, model: 710, scope: eq, version: 1.8.4_firmware

Trust: 1.0

vendor: snapgear, model: 560, scope: eq, version: 3.1.4u2

Trust: 1.0

vendor: snapgear, model: 560, scope: eq, version: 1.8.5_firmware

Trust: 1.0

vendor: snapgear, model: 640, scope: eq, version: 1.7.9_firmware

Trust: 1.0

vendor: snapgear, model: 710, scope: eq, version: 1.8.5_firmware

Trust: 1.0

vendor: snapgear, model: 720, scope: eq, version: 1.7.9_firmware

Trust: 1.0

vendor: snapgear, model: 640, scope: eq, version: 1.8_firmware

Trust: 1.0

vendor: snapgear, model: 640, scope: eq, version: 1.8.4_firmware

Trust: 1.0

vendor: snapgear, model: 640, scope: eq, version: 1.7.10_firmware

Trust: 1.0

vendor: snapgear, model: 585, scope: eq, version: 3.1.4u2_firmware

Trust: 1.0

vendor: snapgear, model: 640, scope: eq, version: 1.8.5_firmware

Trust: 1.0

vendor: snapgear, model: 585, scope: eq, version: 1.7.8_firmware

Trust: 1.0

vendor: snapgear, model: 585, scope: eq, version: 1.7.9_firmware

Trust: 1.0

vendor: snapgear, model: 585, scope: eq, version: 1.7.10_firmware

Trust: 1.0

vendor: snapgear, model: 585, scope: eq, version: 1.8_firmware

Trust: 1.0

vendor: snapgear, model: 580, scope: eq, version: 1.7.8_firmware

Trust: 1.0

vendor: snapgear, model: 580, scope: eq, version: 3.1.4u2_firmware

Trust: 1.0

vendor: snapgear, model: 585, scope: eq, version: 1.8.4_firmware

Trust: 1.0

vendor: snapgear, model: 585, scope: eq, version: 1.8.5_firmware

Trust: 1.0

vendor: snapgear, model: 580, scope: eq, version: 1.7.9_firmware

Trust: 1.0

vendor: snapgear, model: 560, scope: lt, version: 3.1.4u5

Trust: 0.8

vendor: snapgear, model: 580, scope: lt, version: 3.1.4u5

Trust: 0.8

vendor: snapgear, model: 585, scope: lt, version: 3.1.4u5

Trust: 0.8

vendor: snapgear, model: 640, scope: lt, version: 3.1.4u5

Trust: 0.8

vendor: snapgear, model: 710, scope: lt, version: 3.1.4u5

Trust: 0.8

vendor: snapgear, model: 720, scope: lt, version: 3.1.4u5

Trust: 0.8

vendor: snapgear, model: os u2, scope: eq, version: 3.1.4

Trust: 0.3

vendor: snapgear, model: os, scope: eq, version: 1.8.5

Trust: 0.3

vendor: snapgear, model: os, scope: eq, version: 1.8.4

Trust: 0.3

vendor: snapgear, model: os, scope: eq, version: 1.8

Trust: 0.3

vendor: snapgear, model: os, scope: eq, version: 1.7.10

Trust: 0.3

vendor: snapgear, model: os, scope: eq, version: 1.7.9

Trust: 0.3

vendor: snapgear, model: os, scope: eq, version: 1.7.8

Trust: 0.3

vendor: snapgear, model: os 3.1.4u5, scope: ne, version: -

Trust: 0.3

sources: BID: 22835 // JVNDB: JVNDB-2007-005211 // CNNVD: CNNVD-200703-233 // NVD: CVE-2007-1324

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-1324
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-1324
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200703-233
value: MEDIUM

Trust: 0.6

VULHUB: VHN-24686
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-1324
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-24686
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-24686 // JVNDB: JVNDB-2007-005211 // CNNVD: CNNVD-200703-233 // NVD: CVE-2007-1324

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-1324

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200703-233

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200703-233

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-005211

EXTERNAL IDS

db: NVD, id: CVE-2007-1324

Trust: 2.8

db: BID, id: 22835

Trust: 2.0

db: SECUNIA, id: 24388

Trust: 1.8

db: OSVDB, id: 33864

Trust: 1.7

db: VUPEN, id: ADV-2007-0850

Trust: 1.7

db: JVNDB, id: JVNDB-2007-005211

Trust: 0.8

db: CNNVD, id: CNNVD-200703-233

Trust: 0.7

db: XF, id: 32824

Trust: 0.6

db: VULHUB, id: VHN-24686

Trust: 0.1

db: PACKETSTORM, id: 54857

Trust: 0.1

sources: VULHUB: VHN-24686 // BID: 22835 // JVNDB: JVNDB-2007-005211 // PACKETSTORM: 54857 // CNNVD: CNNVD-200703-233 // NVD: CVE-2007-1324

REFERENCES

url:http://www.cyberguard.info/snapgear/releases.html

Trust: 2.1

url:http://www.securityfocus.com/bid/22835

Trust: 1.7

url:http://osvdb.org/33864

Trust: 1.7

url:http://secunia.com/advisories/24388

Trust: 1.7

url:http://www.vupen.com/english/advisories/2007/0850

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/32824

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1324

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1324

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/32824

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2007/0850

Trust: 0.6

url:http://www.snapgear.com/liteplus.html

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/11807/

Trust: 0.1

url:http://secunia.com/disassembling_og_reversing/

Trust: 0.1

url:http://secunia.com/secunia_vacancies/

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://secunia.com/advisories/24388/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-24686 // BID: 22835 // JVNDB: JVNDB-2007-005211 // PACKETSTORM: 54857 // CNNVD: CNNVD-200703-233 // NVD: CVE-2007-1324

CREDITS

The vendor reported this issue.

Trust: 0.9

sources: BID: 22835 // CNNVD: CNNVD-200703-233

SOURCES

db: VULHUB, id: VHN-24686
db: BID, id: 22835
db: JVNDB, id: JVNDB-2007-005211
db: PACKETSTORM, id: 54857
db: CNNVD, id: CNNVD-200703-233
db: NVD, id: CVE-2007-1324

LAST UPDATE DATE

2025-04-10T23:22:32.983000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-24686, date: 2017-07-29T00:00:00
db: BID, id: 22835, date: 2015-05-12T19:33:00
db: JVNDB, id: JVNDB-2007-005211, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200703-233, date: 2007-03-12T00:00:00
db: NVD, id: CVE-2007-1324, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-24686, date: 2007-03-07T00:00:00
db: BID, id: 22835, date: 2007-03-06T00:00:00
db: JVNDB, id: JVNDB-2007-005211, date: 2012-12-20T00:00:00
db: PACKETSTORM, id: 54857, date: 2007-03-08T00:54:52
db: CNNVD, id: CNNVD-200703-233, date: 2007-03-07T00:00:00
db: NVD, id: CVE-2007-1324, date: 2007-03-07T21:19:00