Details of VAR-200710-0417

ID

VAR-200710-0417

CVE

CVE-2007-5482

TITLE

Sun StorEdge/StorageTek 3510 FC Array of FTP Service disruption in services (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-006227

DESCRIPTION

Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTek 3510 FC Array with firmware before 4.21 allows remote attackers, with access to the Ethernet management interface, to cause a denial of service (I/O request timeout and device hang) via unspecified vectors. Remote attackers may exploit this issue to deny service to legitimate users. Sun StorEdge 3510 FC Array with firmware version 4.21 is affected. If the above vulnerability is present, hosts requesting I/O services from the affected array may report I/O request timeouts and eventually go offline from the array, and a message similar to the following may appear in the array event log: Tue Jan 24 14:03: 06 2007 [Primary] Warning Memory Not Sufficient to Fully Support Current Config ... ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,700 different Windows applications. Successful exploitation requires that the attacker has access to the management network to which the array's management Ethernet interface is connected to. The vulnerability is reported in firmware versions prior to 4.21. SOLUTION: Update to firmware 4.21, delivered in patch 113723-18 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103106-1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-5482 // JVNDB: JVNDB-2007-006227 // BID: 26086 // VULHUB: VHN-28844 // PACKETSTORM: 60145

AFFECTED PRODUCTS

vendor:	sun	model:	storedge	scope:	eq	version:	*	Trust: 1.0
vendor:	sun	model:	storagetek 3510	scope:	eq	version:	*	Trust: 1.0
vendor:	sun microsystems	model:	storagetek 3510	scope:	lt	version:	firmware 4.21	Trust: 0.8
vendor:	sun microsystems	model:	storedge	scope:	lt	version:	firmware 4.21	Trust: 0.8
vendor:	sun	model:	storedge	scope:	eq	version:	firmware_4.20	Trust: 0.6
vendor:	sun	model:	storagetek 3510	scope:	eq	version:	firmware_4.20	Trust: 0.6
vendor:	sun	model:	storedge fc array	scope:	eq	version:	3510	Trust: 0.3

sources: BID: 26086 // JVNDB: JVNDB-2007-006227 // CNNVD: CNNVD-200710-311 // NVD: CVE-2007-5482

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-5482
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-5482
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200710-311
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-28844
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-5482
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-28844
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-28844 // JVNDB: JVNDB-2007-006227 // CNNVD: CNNVD-200710-311 // NVD: CVE-2007-5482

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2007-5482

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200710-311

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200710-311

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-006227

PATCH

title:

Sun Alert 103106

url:

https://blogs.oracle.com/sunsecurity/entry/sun_alert_103106_ftp_security

Trust: 0.8

sources: JVNDB: JVNDB-2007-006227

EXTERNAL IDS

db:	NVD	id:	CVE-2007-5482	Trust: 2.8
db:	BID	id:	26086	Trust: 2.0
db:	SECUNIA	id:	27201	Trust: 1.8
db:	SECTRACK	id:	1018819	Trust: 1.7
db:	OSVDB	id:	40168	Trust: 1.7
db:	VUPEN	id:	ADV-2007-3507	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-006227	Trust: 0.8
db:	XF	id:	37221	Trust: 0.6
db:	SUNALERT	id:	201253	Trust: 0.6
db:	SUNALERT	id:	103106	Trust: 0.6
db:	CNNVD	id:	CNNVD-200710-311	Trust: 0.6
db:	VULHUB	id:	VHN-28844	Trust: 0.1
db:	PACKETSTORM	id:	60145	Trust: 0.1

sources: VULHUB: VHN-28844 // BID: 26086 // JVNDB: JVNDB-2007-006227 // PACKETSTORM: 60145 // CNNVD: CNNVD-200710-311 // NVD: CVE-2007-5482

REFERENCES

url:	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103106-1	Trust: 1.8
url:	http://www.securityfocus.com/bid/26086	Trust: 1.7
url:	http://osvdb.org/40168	Trust: 1.7
url:	http://www.securitytracker.com/id?1018819	Trust: 1.7
url:	http://secunia.com/advisories/27201	Trust: 1.7
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201253-1	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/3507	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/37221	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5482	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5482	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/3507	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/37221	Trust: 0.6
url:	http://www.sun.com/products-n-solutions/hardware/docs/network_storage_solutions/workgroup/3510/index.html	Trust: 0.3
url:	https://srcm.symantec.com/editvulnerabilityfixes.aspx?docid=121449	Trust: 0.3
url:	http://secunia.com/advisories/27201/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/network_software_inspector/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/16137/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-28844 // BID: 26086 // JVNDB: JVNDB-2007-006227 // PACKETSTORM: 60145 // CNNVD: CNNVD-200710-311 // NVD: CVE-2007-5482

CREDITS

Sun Alert Notification

Trust: 0.6

sources: CNNVD: CNNVD-200710-311

SOURCES

db:	VULHUB	id:	VHN-28844
db:	BID	id:	26086
db:	JVNDB	id:	JVNDB-2007-006227
db:	PACKETSTORM	id:	60145
db:	CNNVD	id:	CNNVD-200710-311
db:	NVD	id:	CVE-2007-5482

LAST UPDATE DATE

2025-04-10T23:23:41.031000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-28844	date:	2017-07-29T00:00:00
db:	BID	id:	26086	date:	2007-10-26T23:26:00
db:	JVNDB	id:	JVNDB-2007-006227	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200710-311	date:	2007-10-17T00:00:00
db:	NVD	id:	CVE-2007-5482	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-28844	date:	2007-10-16T00:00:00
db:	BID	id:	26086	date:	2007-10-15T00:00:00
db:	JVNDB	id:	JVNDB-2007-006227	date:	2012-12-20T00:00:00
db:	PACKETSTORM	id:	60145	date:	2007-10-16T22:06:25
db:	CNNVD	id:	CNNVD-200710-311	date:	2007-10-16T00:00:00
db:	NVD	id:	CVE-2007-5482	date:	2007-10-16T23:17:00