CVE Vulnerabilities

CVE-2007-4198

Published: Aug 08, 2007 | Modified: Oct 15, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
NEGLIGIBLE

The fs_data_put_str function in ntfs.c in fls in Brian Carrier The Sleuth Kit (TSK) before 2.09 does not validate a certain length value, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image, which triggers a buffer over-read.

Affected Software

Name Vendor Start Version End Version
The_slueth_kit Brian_carrier * 2.08 (including)
Sleuthkit Ubuntu dapper *
Sleuthkit Ubuntu devel *
Sleuthkit Ubuntu edgy *
Sleuthkit Ubuntu feisty *
Sleuthkit Ubuntu gutsy *
Sleuthkit Ubuntu hardy *
Sleuthkit Ubuntu intrepid *
Sleuthkit Ubuntu jaunty *
Sleuthkit Ubuntu karmic *
Sleuthkit Ubuntu upstream *

References